Skip to main content
POST
https://{yourDomain}
/
oauth
/
device
/
code
Request Device Code
curl --request POST \
  --url https://{yourDomain}/oauth/device/code \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'client_id=<string>' \
  --data 'scope=openid profile email' \
  --data 'audience=<string>'
{
  "device_code": "GmRhmhcxhwAzkoEqiMEg_DnyEysNkuNhszIySk9eS",
  "user_code": "WDJB-MJHT",
  "verification_uri": "https://your-tenant.auth0.com/activate",
  "verification_uri_complete": "https://your-tenant.auth0.com/activate?user_code=WDJB-MJHT",
  "expires_in": 900,
  "interval": 5
}

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Body

application/x-www-form-urlencoded
client_id
string
required

Your application's Client ID

scope
string

Space-delimited list of requested scopes

Example:

"openid profile email"

audience
string

The unique identifier of the target API you want to access

Response

Device code issued successfully

device_code
string
required

The device verification code used when polling for tokens

user_code
string
required

The end-user verification code. Display this to the user.

verification_uri
string<uri>
required

The URI the user should visit to enter the user_code

expires_in
integer
required

The lifetime in seconds of the device_code and user_code

interval
integer
required

The minimum number of seconds to wait between polling requests to /oauth/token

verification_uri_complete
string<uri>

Optional URI that includes the user_code for easier user experience