Device Code Example OAuth 2.0

Use this grant type for configurations that use Federated accounts without Azure Active Directory as the underlying Identity Provider.

Prerequisites

Use the offline_access scope parameter when connecting through this method. Logging into the RIM API should follow the refresh_token grant after the initial bearer token has been generated.

To define client credentials:

  1. Submit an HTTPS POST request to: https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token

    The tenant_id format: xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx.

    The body of the request should include the form-data:

    | Parameter Name | Value |
    | --- | --- |
    | client_id | xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx |
    | scope | <registered client_id>/.default openid offline_access |

    A "user_code" is generated on successful POST operation.
  2. In a browser, navigate to: https://microsoft.com/devicelogin.
  3. Enter the user_code string generated into the browser field.
  4. Follow the prompts to complete the authentication request.
  5. Record or capture the device_code generated as part of the POST request.
  6. Submit an HTTPS POST request to: https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token

    The body of the request should include the form-data:

    | Parameter Name | Value |
    | --- | --- |
    | grant_type | urn:ietf:params:oauth:grant-type:device_code |
    | client_id | <registered client_id> |
    | device_code | <device_code_from_previous_step> |

    The response generates an AzureBearerBody Token with the offline_access parameter set.
  7. Use this bearer token in the refresh_token grant flow.
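
The step 6 request usually has to be repeated while the user is still completing steps 2 to 4. The following is an added example, not code from the original documentation: it polls the token endpoint, handles the `authorization_pending` and `slow_down` errors defined in RFC 8628, and checks that a refresh token came back. The names `poll_for_token`, `DeviceFlowError` and the `post` transport signature are assumptions, and all sample values are constructed.

```python
import time

TOKEN_URL = "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
GRANT = "urn:ietf:params:oauth:grant-type:device_code"


class DeviceFlowError(Exception):
    """Terminal failure of the device code grant."""


def poll_for_token(post, tenant_id, client_id, device_auth, sleep=time.sleep):
    """Repeat the step 6 POST until the user has finished steps 2-4.
    post(url, form) -> (status, json) is a caller-supplied transport (assumed
    signature); device_auth is the parsed JSON reply to the step 1 request."""
    url = TOKEN_URL.format(tenant_id=tenant_id)
    form = {"grant_type": GRANT, "client_id": client_id,
            "device_code": device_auth["device_code"]}
    interval = int(device_auth.get("interval", 5))  # RFC 8628 default: 5 s
    remaining = int(device_auth["expires_in"])      # lifetime of the device_code
    while remaining > 0:
        status, body = post(url, form)
        if status == 200:
            if not body.get("refresh_token"):       # expected with offline_access
                raise DeviceFlowError("no refresh_token in token response")
            return body
        error = body.get("error")
        if error == "slow_down":                    # RFC 8628 section 3.5
            interval += 5
        elif error != "authorization_pending":      # declined, expired, bad code
            raise DeviceFlowError(error or "unexpected response")
        sleep(interval)
        remaining -= interval
    raise DeviceFlowError("expired_token")


def demo():
    # Constructed sample data: no real codes or tokens, no network access.
    auth = {"device_code": "SAMPLE-DEVICE-CODE", "user_code": "SAMPLE123",
            "interval": 5, "expires_in": 900}
    replies = iter([(400, {"error": "authorization_pending"}),
                    (400, {"error": "slow_down"}),
                    (200, {"token_type": "Bearer", "access_token": "SAMPLE-AT",
                           "refresh_token": "SAMPLE-RT"})])
    waits = []
    token = poll_for_token(lambda url, form: next(replies), "<tenant_id>",
                           "<registered client_id>", auth, waits.append)
    return token, waits
```

The device_code and the returned tokens are bearer secrets, so keep them out of logs and shell history.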

If the offline_access parameter is not defined, follow the usual steps to generate the X-CSRF-TOKEN, JSESSION & RIM API login.