---
title: /oauth2/device/code
description: The Device authorization grant endpoint defined in RFC 8628 OAuth 2.0 Device Authorization Grant.
component: pingoneaic-api
page_id: pingoneaic-api:am-oauth2:rest-api-oauth2-device-code
canonical_url: https://developer.pingidentity.com/pingoneaic-api/am-oauth2/rest-api-oauth2-device-code.html
keywords: ["OAuth 2.0", "API Explorer", "Endpoints"]
page_aliases: ["oauth2-guide:rest-api-oauth2-device-code.adoc"]
---

# /oauth2/device/code

This is the [Device authorization grant](https://docs.pingidentity.com/pingoneaic/latest/am-oauth2/oauth2-device-flow.html) endpoint defined in RFC 8628, [OAuth 2.0 Device Authorization Grant](https://www.rfc-editor.org/info/rfc8628).

Client devices use this endpoint in the following flows to get the codes and information required to obtain the resource owner's consent for device access:

* Device flow ([OAuth 2.0](https://docs.pingidentity.com/pingoneaic/latest/am-oauth2/oauth2-device-flow.html))

* Device flow with PKCE ([OAuth 2.0](https://docs.pingidentity.com/pingoneaic/latest/am-oauth2/oauth2-device-flow-pkce.html))

Specify the realm in the request URL; for example:

```none
https://<tenant-env-fqdn>/am/oauth2/realms/root/realms/alpha/device/code
```

The device code endpoint supports the following parameters:

| Parameter               | Description                                                                           | Required                                                                                                                                          |
| ----------------------- | ------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| `acr_values`            | The OpenID Connect authentication context class reference values.                     | Yes, if [required by the OpenID Connect provider](https://docs.pingidentity.com/pingoneaic/latest/am-oidc1/oidc-authentication-requirements.html) |
| `claims`                | The user attributes to be returned in the ID token.                                   | No                                                                                                                                                |
| `client_id`             | Uniquely identifies the application making the request.                               | Yes                                                                                                                                               |
| `code_challenge`        | The code verifier generated for the PKCE flow.                                        | Yes, for the [Authorization code grant with PKCE](https://docs.pingidentity.com/pingoneaic/latest/am-oauth2/oauth2-authz-grant-pkce.html) flow    |
| `code_challenge_method` | The method to derive the code challenge.                                              | Yes, when the `code_challenge` is hashed (recommended)                                                                                            |
| `login_hint`            | String value that can be set to the ID the user uses to log in.                       | No                                                                                                                                                |
| `nonce`                 | String value that associates the client session with the ID token.                    | No                                                                                                                                                |
| `prompt`                | Specifies whether to prompt the end user for authentication and consent.              | No                                                                                                                                                |
| `scope`                 | The scopes linked to the permissions requested by the client from the resource owner. | No                                                                                                                                                |
| `state`                 | The value to maintain state between the request and the callback.                     | No, but strongly recommended                                                                                                                      |
| `ui_locales`            | The end user's preferred languages for the user interface.                            | No                                                                                                                                                |
