Device Authorization Request

POST 
/authz-srv/device/authz

Device Authorization Request (OAuth 2.0 Device Authorization Grant - RFC 8628)

Device Authorization enables you to sign in to applications that run on input constrained devices or devices without a browser with the help of a secondary device, such as a laptop or mobile phone.

This POST endpoint is the standardized way according to RFC 8628. The request body uses application/x-www-form-urlencoded format.

This endpoint initializes the device authorization flow and returns a device_code, user_code, and verification_uri. The user then authenticates on a separate device using the user_code, while the device polls the token endpoint using the device_code.

Flow Overview:

1. Device requests authorization → receives device_code and user_code
2. Device displays user_code and verification_uri to user
3. User visits verification_uri on separate device and enters user_code
4. User authenticates on separate device
5. Device polls token endpoint with device_code until authentication completes

For more details, see the Device Code Flow documentation.

Request

Responses

200

OK

400

Bad Request