The "user_code expires_in" value of the OAuth device code flow is wrong, and the "token expires_in" is correct.

scarecrow kakashi 246 Reputation points
2022-09-05T03:37:10.087+00:00

I follow the device code grant, https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code.

Step 1. Get user_code
237640-3.png

Step 2. Get token
237701-8.png

"user_code expires_in" in step 1 has a problem: I expect a 900-second validity period according to the response, but after 300 seconds the user_code is invalid.
"token expires_in" in step 2 is correct.


Accepted answer
  1. Akshay-MSFT 16,036 Reputation points Microsoft Employee
    2022-09-09T11:50:05.897+00:00

    Hello @scarecrow kakashi ,

    Thanks for posting your query. From the description above I could understand that you are not able to use the user_code after 300 seconds, though it says 900 seconds as the lifetime in the code definition. Please do correct me if there is any contradiction in my understanding.

    I was able to test the device code flow with following attributes in the body:

    For device code endpoint

    239492-image.png

    **For Token endpoint:**

    239493-image.png

    • Issued the user_code and device_code at Fri Sep 09 2022 12:23 PM IST

    239467-image.png

    • As per your description, tried redeeming the code after 300 seconds at 12:31 PM (480 seconds) and was successful.
    • Using the same code, was able to request the access token and it was issued successfully at **Fri Sep 09 2022 12:31:14 GMT+0530 (India Standard Time)**

    239521-image.png

    • Did try to reuse the same device code after some time and got the following error:

    239522-image.png

    • **Did request another device and user code at 4:30 PM IST (11:00:36 AM GMT). I was able to test this and got the following results:**

    239531-image.png

    • **Tried to redeem the code after 900 seconds and got the following error:**

    239468-image.png

    **Conclusion:**

    1. The device and user code will both work only within 900 seconds of the code being issued (not of the user code being redeemed), https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code#device-authorization-request
    2. The device code would work only once to get an access token.
    3. The user code could be redeemed only once.

    239523-image.png

    Next Action:

    • Kindly confirm the error and screenshot you got while using the user_code and device_code after 300 seconds.
    • Kindly validate if you had a scenario beyond observed behavior in conclusion above.

    Solution: Kindly use: https://login.microsoftonline.com/common/oauth2/deviceauth to get the device code instead of https://login.live.com/oauth20_remoteconnect.srf

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    Thanks,
    Akshay
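
The first conclusion above (the 900 seconds run from issuance, not from when the user enters the code) as an added example, not part of the original answer or Microsoft's code: a polling loop that fixes its deadline when the device authorization response arrives and handles the RFC 8628 polling errors. The clock and token endpoint in `run_scenario` are constructed stand-ins, so it runs offline.

```python
import time

class DeviceCodeExpired(Exception):
    """The device_code lifetime ended before a token was issued."""

def poll_for_token(device_resp, request_token, now=time.monotonic, sleep=time.sleep):
    """Poll until a token is issued or the code expires.
    device_resp: parsed device authorization response (device_code, expires_in, interval).
    request_token: callable(device_code) -> dict, one token request (injected, hypothetical)."""
    # Call right after the response arrives: the lifetime starts at issuance.
    deadline = now() + int(device_resp["expires_in"])
    interval = int(device_resp.get("interval", 5))
    while now() < deadline:
        body = request_token(device_resp["device_code"])
        if "access_token" in body:
            return body
        error = body.get("error")
        if error == "slow_down":            # RFC 8628: add 5 seconds to the interval
            interval += 5
        elif error == "expired_token":      # the server's view of expiry wins
            raise DeviceCodeExpired("server reported expired_token")
        elif error != "authorization_pending":
            raise RuntimeError(f"device flow failed: {error}")
        sleep(min(interval, max(0, deadline - now())))
    raise DeviceCodeExpired("local deadline reached")

def run_scenario(approve_at, lifetime=900):
    """Constructed simulation: the user approves approve_at seconds after issuance."""
    t = [0.0]                               # fake clock, advanced only by fake sleep
    now = lambda: t[0]
    def sleep(seconds):
        t[0] += seconds
    def fake_endpoint(device_code):         # constructed stand-in for the token endpoint
        if now() >= lifetime:
            return {"error": "expired_token"}
        if now() < approve_at:
            return {"error": "authorization_pending"}
        return {"access_token": "constructed-token", "expires_in": 3600}
    resp = {"device_code": "constructed-code", "expires_in": lifetime, "interval": 5}
    try:
        poll_for_token(resp, fake_endpoint, now=now, sleep=sleep)
        return "ok", now()
    except DeviceCodeExpired:
        return "expired", now()
```

`run_scenario(480)` mirrors the successful redemption at 480 seconds described in the answer, and `run_scenario(1000)` mirrors the attempt after 900 seconds.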

