Device Code

The Device Code Flow enables text-only devices to participate in the authentication dance with Azure AD. This is only for devices that don't offer an interactive authentication (web) experience. The principle is that the application will share with the user a code and the URL where the user will sign-in using another device enabling web interaction(such as a browser), then the application will wait until it gets confirmation from the STS that the user has indeed signed-in before requesting a token. To use it, the application must call two APIs:

acquire_user_code(resource, client_id)
acquire_token_with_device_code(resource, code, client_id)

The flow is as follows:

• The application calls acquire_user_code, which interacts with the STS and returns a dict containing the code and message with URL.

• The application then displays to the user the content of the code[message]. This message tells the user to go to a the URL of a web site where s/he will need to provide this code and sign-in with a web enabled device (other than the device running the application as this is a text only device).

• The application then executes acquire_token_with_device_code which waits until the user has signed-in in the other web enabled device. At this time, the STS will return the token.