--- title: Device Authorization Grant description: The device authorization grant endpoints support the following actions for applications configured with the DEVICE_CODE grant type: component: pingone-api page_id: pingone-api:auth:openid-connect-oauth-2/device-authorization-grant canonical_url: https://developer.pingidentity.com/pingone-api/auth/openid-connect-oauth-2/device-authorization-grant.html section_ids: device-authorization-grant-data-model: Device authorization grant data model --- # Device Authorization Grant The device authorization grant endpoints support the following actions for applications configured with the `DEVICE_CODE` grant type: * The device authorization endpoint `/{{envID}}/as/device_authorization` starts an action to return an activation code to the end user. The endpoint response returns a device code, a user code, and a verification URI. The supported parameters for the endpoint request are the `client_id` parameter and an optional `scope` parameter. * The start flow endpoints `/{{envID}}/device/{{appIdentifier}}` or `/{{envID}}/device` in which the `appIdentifier` variable represents one of either the application ID (`clientId` or `applicationId`) or a short secondary application identifier (`devicePathId` configured per app) that is used only with the `/device` endpoint. * The token endpoint `/{{envID}}/as/token` returns the tokens issued for the device. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | For information about configuring and application connection that uses a `DEVICE_CODE` grant type, refer to [Create Application (OIDC Device Authorization Grant)](../../platform/applications/applications-1/create-application-oidc-device-authorization-grant.html). For OpenID Connect/OAuth2 data model properties associated with these endpoints, refer to [OpenID Connect/OAuth 2](../openid-connect-oauth-2.html). For flow states associated with device auth grant flows, refer to `DAG_USER_CODE_REQUIRED` and `DAG_CONSENT_REQUIRED` in [Flows](../flows/flows-1.html). For IETF specification information, refer to [RFC8628 OAuth 2.0 Device Authorization Grant](https://www.rfc-editor.org/rfc/rfc8628). | ## Device authorization grant data model | Property | Type | Required? | Mutable? | Description | | --------------------------- | ------ | --------- | --------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `client_id` | String | Required | Immutable | The application's UUID. | | `grant_type` | String | Required | Mutable | The grant type of the token request. Options are `urn:ietf:params:oauth:grant-type:device_code`. | | `scope` | String | Optional | Mutable | Permissions that determine the resources that the application can access. This parameter is not required, but it is needed to specify accessible resources. Refer to [Authorization](authorize-intro.html) for details when including `offline_access` in the `scope` parameter. | | `device_code` | String | Required | Read only | The device verification code. This is a required property for device auth grant flows. | | `user_code` | String | Required | Read only | The end-user verification code. This is a required property for device auth grant flows. | | `verification_uri` | String | Required | Read only | The end-user verification URI on the authorization server. This is a required property for device auth grant flows. | | `verification_uri_complete` | String | Optional | Read only | The end-user verification URI on the authorization server that includes the `user_code`. | | `expires_in` | String | Required | Read only | The lifetime, in seconds, of the `device_code`. This value is set on the application configuration. | | `interval` | String | Optional | Read only | The minimum amount of time, in seconds, that the client should wait between polling requests to the token endpoint. If no value is provided, the default is 5 seconds. This value is set on the application configuration. | > **Collapse: Related topics** > > * [Device Authorization Grant Flows](../flows/device-authorization-grant-flows.html) > > * [OpenID Connect/OAuth 2](../openid-connect-oauth-2.html) > > * [Flows](../flows/flows-1.html)