Hello @scarecrow kakashi ,
Thanks for posting your query. From the description above I could understand that you are not able to use User_Code after 300 seconds though it says 900 seconds as lifetime in the code definition. Please do correct me there is any contradiction in my undertstanding.
I was able to test the device code flow with following attributes in the body:
For device code endpoint
**For Token endpoint: **
- Issued the user_code and device_code at Fri Sep 09 2022 12:23 PM IST
- As per your description tried redeeming the code after 300 seconds at 12:31 PM (480 seconds) and was successful.
- Using the same code was able to request the access token and it was issued successfully at **Fri Sep 09 2022 12:31:14 GMT+0530 (India Standard Time) **
- Did try to reuse the same device code after some time got the following error:
- **Did request another device and user code at 4:30 PM IST (11:00:36 AM GMT) I was able to test this and got the following results: **
- **Tried to redeem the code after 900 seconds and, got the following error: **
**Conclusion: **
- The device and user code both with work only within 900 seconds since code has been issued (not user code being redeemed), https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code#device-authorization-request
- The device code would work only once to get access token.
- The user code could be redeemed only once
Next Action:
- Kindly confirm the error and screenshot you got while using the user_code and devce_code after 300 seconds.
- Kindly validate if you had a scenario beyond observed behavior in conclusion above.
Solution: Kindly use: https://login.microsoftonline.com/common/oauth2/deviceauth to get the device code instead of https://login.live.com/oauth20_remoteconnect.srf
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Thanks,
Akshay