---
descriptions:
  workos_connect_token_device_code_request:
    grant_type: >
      Must be `urn:ietf:params:oauth:grant-type:device_code` for device
      authorization flow.
    device_code: |
      The device code obtained from the device authorization endpoint.
    client_id: |
      The client ID of the WorkOS Connect Application.
    client_secret: |
      A secret key associated with the WorkOS Connect Application.
  workos_connect_token_device_code_response:
    access_token: |
      A JWT that can be used to authorize requests.
    refresh_token: >
      An opaque token that can be exchanged for new access, ID, and refresh
      tokens.
    id_token: |
      A JWT that contains information about the user.
    token_type: |
      How to use the access token to authorize requests. Always `"Bearer"`.
    expires_in: |
      The number of seconds until the access token expires.
reference:
  curl:
    - url: /reference/workos-connect/cli-auth/device-code-grant
      key: workos_connect_token_device_code
      id: workos_connect_token_device_code
      title: /oauth2/token
      type: POST
      parameters:
        - key: grant_type
          type: '"urn:ietf:params:oauth:grant-type:device_code"'
          description: (workos_connect_token_device_code_request.grant_type)
        - key: device_code
          type: string
          description: (workos_connect_token_device_code_request.device_code)
        - key: client_id
          type: string
          description: (workos_connect_token_device_code_request.client_id)
        - key: client_secret?
          type: string
          description: (workos_connect_token_device_code_request.client_secret)
      returns:
        - key: access_token
          type: string
          description: (workos_connect_token_device_code_response.access_token)
        - key: refresh_token
          type: string
          description: (workos_connect_token_device_code_response.refresh_token)
        - key: id_token
          type: string
          description: (workos_connect_token_device_code_response.id_token)
        - key: token_type
          type: '"Bearer"'
          description: (workos_connect_token_device_code_response.token_type)
        - key: expires_in
          type: integer
          description: (workos_connect_token_device_code_response.expires_in)
originalPath: >-
  .tmp-workos-clone/packages/docs/content/reference/workos-connect/cli-auth/device-code-grant.mdx
---

## Device code grant

Exchanges a device code for access and refresh tokens as part of the device authorization flow for WorkOS Connect applications. This endpoint should be polled repeatedly until the user authorizes the request, declines it, or the device code expires.

<CodeBlock referenceId="workos_connect_token_device_code">
  <CodeBlockTab title="Request" file="device-code-grant-request" />
  <CodeBlockTab title="Response" file="device-code-grant-response" />
</CodeBlock>

The returned tokens are similar to those provided by the [authorization code grant](/reference/workos-connect/token/authorization-code-grant).