Device Code and custom scopes for Access Tokens

I’m trying to add custom scopes to an Access Token when performing Device Flow authentication. Whenever the Access Token is returned, they only scope available is “offline access”

The request is as follows:
curl -H ‘Content-Type:application/x-www-form-urlencoded’ -H ‘Accept-Encoding:gzip’ -X POST ‘’ --data-binary ‘’

The response is as follows:

"device_code": "ueu9DRm9SJs4kfFSQyUMpG-A",
"expires_in": 900,
"interval": 5,
"user_code": "WHWH-CXVV",
"verification_uri": "",
"verification_uri_complete": ""


After completing the verification flow, I make the following request:
curl ’ -H ‘Content-Type:application/x-www-form-urlencoded’ -H ‘Accept-Encoding:gzip’ -X POST ‘’ --data-binary ‘client_id=j_C0QQvnet1ZcK7W_BuENymAu_stdlqv&device_code=ueu9DRm9SJs4kfFSQyUMpG-A&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Adevice_code’

The Access Token that comes back has only “offline_access” scope.


“iss”: “”,
“sub”: “github|792171”,
“aud”: “”,
“iat”: 1568411059,
“exp”: 1568497459,
“azp”: “j_C0QQvnet1ZcK7W_BuENymAu_stdlqv”,
“scope”: “offline_access”,

Is it possible to add a custom scope for device flow? The Application is set as OIDC compliant and the “upload:logs” scope is set on the “” API.

Hi @ericr,

According to this doc you should have no problem requesting custom scopes.

Have you registered the API and added the scopes? How about enabling the scopes for the client (device flow app).

Let me know,

Hi @dan.woda ,

I was able to resolve by removing “Role Based Access Control” from the API endpoint.



1 Like

Thanks for reaching out with the confirmation.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.