Device Authorization Grant

RFC 8628 — OAuth 2.0 Device Authorization Grant for Input-Constrained Devices

Device Authorization Flow
1. DEVICE: Device Authorization Request

The device requests a device code and user code from the authorization server. The user code and verification URI will be displayed to the user.

/oauth2/v1/device/authorize
        
2. USER: User Authorization

The user visits the verification URI on a secondary device (phone, computer) and enters the user code to authorize the device. The application presents the user with the code and the URL, or generates a QR code, to help guide the user to the verification URI. The intent is to put as little friction as possible on the authenticating user; in the event the URL cannot be clicked or a QR code cannot be presented, you may create a short-code URI that forwards to /activate.

3. DEVICE: Poll for Token

The device polls the token endpoint at the specified interval until the user completes authorization or the code expires.

/oauth2/v1/token grant_type=urn:ietf:params:oauth:grant-type:device_code
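
The polling step above, as an added example (not code from this page or from Okta): it handles the `authorization_pending`, `slow_down`, `access_denied` and `expired_token` responses that RFC 8628 defines for the token endpoint. The `post` transport hook, the public-client assumption (`client_id` sent in the form) and all sample values are constructed for illustration.

```python
import time

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"


class DeviceFlowError(Exception):
    """Terminal token-endpoint error (access_denied, expired_token, ...)."""


def poll_for_token(post, client_id, device_code, interval=5, expires_in=600,
                   sleep=time.sleep, clock=time.monotonic):
    """Poll until tokens are issued, the user denies, or the code expires.

    `post(form) -> (status, json_dict)` is a hypothetical transport hook; in
    production it would POST the form to /oauth2/v1/token over TLS.
    """
    deadline = clock() + expires_in
    form = {"grant_type": GRANT_TYPE, "client_id": client_id,
            "device_code": device_code}
    while clock() < deadline:
        sleep(interval)                 # never poll faster than the server asked
        status, body = post(form)
        if status == 200:
            return body                 # token response with access_token
        error = body.get("error")
        if error == "authorization_pending":
            continue                    # user has not finished authorizing yet
        if error == "slow_down":
            interval += 5               # RFC 8628 section 3.5: add 5 seconds
            continue
        raise DeviceFlowError(error or f"unexpected HTTP {status}")
    raise DeviceFlowError("expired_token")  # local deadline reached, stop


def demo():
    """Run the loop against a constructed sequence of server replies."""
    replies = iter([
        (400, {"error": "authorization_pending"}),
        (400, {"error": "slow_down"}),
        (400, {"error": "authorization_pending"}),
        (200, {"access_token": "constructed-sample-token", "token_type": "Bearer"}),
    ])
    waits, now = [], [0.0]

    def fake_sleep(seconds):            # records waits instead of sleeping
        waits.append(seconds)
        now[0] += seconds

    tokens = poll_for_token(lambda form: next(replies), "sample-client",
                            "sample-device-code", sleep=fake_sleep,
                            clock=lambda: now[0])
    return tokens, waits
```

Any error other than `authorization_pending` or `slow_down` ends the loop, so a denied or expired code is never retried with the same `device_code`.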
        
4. CLIENT APP (Optional): Test Token with API

Test the access token by making an authenticated API request to a resource server.
