The "user_code expires_in" value of the OAuth device code flow is wrong, and the "token expires_in" is correct.

scarecrow kakashi 246 Reputation points

I follow the device code grant:

Step 1. Get user_code

Step 2. Get token

"user_code expires_in" in step 1 has a problem: I expect a 900-second validity period according to the response, but after 300 seconds the user_code is invalid.
"token expires_in" in step 2 is correct.

Azure Active Directory

Accepted answer
  1. Akshay-MSFT 3,876 Reputation points Microsoft Employee

    Hello @scarecrow kakashi ,

    Thanks for posting your query. From the description above I could understand that you are not able to use User_Code after 300 seconds though it says 900 seconds as lifetime in the code definition. Please do correct me if there is any contradiction in my understanding.

    I was able to test the device code flow with following attributes in the body:

    For device code endpoint


    **For Token endpoint:**


    • Issued the user_code and device_code at Fri Sep 09 2022 12:23 PM IST


    • As per your description tried redeeming the code after 300 seconds at 12:31 PM (480 seconds) and was successful.
    • Using the same code was able to request the access token and it was issued successfully at **Fri Sep 09 2022 12:31:14 GMT+0530 (India Standard Time)**


    • Did try to reuse the same device code after some time got the following error:


    • **Did request another device and user code at 4:30 PM IST (11:00:36 AM GMT) I was able to test this and got the following results:**


    • **Tried to redeem the code after 900 seconds and got the following error:**


    **Conclusion:**

    1. The device and user code both will work only within 900 seconds since code has been issued (not user code being redeemed),
    2. The device code would work only once to get access token.
    3. The user code could be redeemed only once


    Next Action:

    • Kindly confirm the error and screenshot you got while using the user_code and device_code after 300 seconds.
    • Kindly validate if you had a scenario beyond observed behavior in conclusion above.

    Solution: Kindly use: to get the device code instead of

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
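
Added example (not part of the original question or answer, and not Microsoft's code): a client-side polling loop that follows the behaviour in the conclusion above, counting the code lifetime from issuance and stopping at the first successful redemption. `request_token`, `FakeEndpoint`, `run` and all sample values are constructed for illustration; `authorization_pending`, `slow_down` and `expired_token` are the RFC 8628 error strings, and `invalid_grant` for a reused device code is an assumption.

```python
import time

class DeviceFlowError(Exception):
    """Terminal device-flow failure; str(exc) is the OAuth error string."""

def poll_for_token(grant, request_token, now=time.monotonic, sleep=time.sleep):
    # grant: parsed device authorization response (device_code, expires_in, interval).
    # request_token: hypothetical callable(device_code) -> parsed token-endpoint JSON.
    # The lifetime runs from issuance of the codes, not from user_code entry.
    deadline = now() + grant["expires_in"]
    interval = grant.get("interval", 5)        # RFC 8628 default polling interval
    while now() < deadline:
        body = request_token(grant["device_code"])
        if "access_token" in body:
            return body                        # stop here: the device_code is single-use
        error = body.get("error", "invalid_response")
        if error == "slow_down":
            interval += 5                      # RFC 8628 section 3.5
        elif error != "authorization_pending":
            raise DeviceFlowError(error)       # expired_token, access_denied, ...
        sleep(interval)
    raise DeviceFlowError("expired_token")     # local deadline hit: request new codes

class FakeEndpoint:
    """Constructed stand-in for the token endpoint, driven by a fake clock."""
    def __init__(self, lifetime, approved_at):
        self.t, self.lifetime, self.approved_at = 0, lifetime, approved_at
        self.redeemed = False
    def now(self):
        return self.t
    def sleep(self, seconds):
        self.t += seconds
    def request_token(self, device_code):
        if self.redeemed:
            return {"error": "invalid_grant"}  # assumed error string for reuse
        if self.t >= self.lifetime:
            return {"error": "expired_token"}
        if self.approved_at is not None and self.t >= self.approved_at:
            self.redeemed = True
            return {"access_token": "constructed-token", "expires_in": 3600}
        return {"error": "authorization_pending"}

def run(approved_at):
    """Simulate one flow with a 900 s lifetime; user approves at approved_at seconds."""
    ep = FakeEndpoint(lifetime=900, approved_at=approved_at)
    grant = {"device_code": "constructed-device-code", "expires_in": 900, "interval": 5}
    try:
        return poll_for_token(grant, ep.request_token, ep.now, ep.sleep), ep
    except DeviceFlowError as exc:
        return str(exc), ep
```

`run(480)` models the approval at 480 seconds from the test above, and `run(None)` models a user who never approves within the 900 seconds.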

