Device Code Clients
- Last UpdatedJul 27, 2023
- 5 minute read
Device code clients are used in browserless or input constrained devices. These clients are issued an identifier. Device code clients are not issued secrets.
List All Device Code Clients from Tenant
Returns all device code clients from a tenant. Optionally, get a list of requested clients. Total number of clients in the tenant set in the Total-Count header.
Request
GET /api/v1/Tenants/{tenantId}/DeviceCodeClients
?id={id}&tag={tag}&query={query}&skip={skip}&count={count}
Parameters
string tenantId
Tenant identifier.
[optional] array id
Unordered list of identifiers for all clients to get. Empty or whitespace identifiers will be ignored.[optional] array tag
Only return clients that have these tags.[optional] string query
(Not supported) Search string identifier.[optional] integer skip
Parameter representing the zero-based offset of the first object to retrieve. If unspecified, a default value of 0 is used.[optional] integer count
Parameter representing the maximum number of objects to retrieve. If unspecified, a default value of 100 is used.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | DeviceCodeClient[] | Device Code Clients found |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Tenant not found |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (DeviceCodeClient[])
[
{
"Id": "string",
"Name": "string",
"Enabled": true,
"AccessTokenLifetime": 0,
"Tags": [
"string"
],
"DeviceCodeLifetime": 0,
"ClientUri": "string",
"LogoUri": "string"
}
]
Authorization
Allowed for these roles:
- Tenant Member
Get Total Count Device Code Clients from Tenant
Return total number of device dode clients in a tenant. Optionally, checks based on a list of requested clients. The value will be set in the Total-Count header. This method is identical to the GET method but it does not return any objects in the body.
Request
HEAD /api/v1/Tenants/{tenantId}/DeviceCodeClients
?id={id}&tag={tag}
Parameters
string tenantId
Tenant identifier.
[optional] array id
Unordered list of identifiers for all clients to get. Empty or whitespace identifiers will be ignored.[optional] array tag
Only return clients that have these tags.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | None | Device code client headers |
| 401 | None | Unauthorized. |
| 403 | None | Forbidden. |
| 404 | None | Client or tenant not found |
| 500 | None | Internal server error. |
Authorization
Allowed for these roles:
- Tenant Member
Create a Device Code Client
Create a device code flow client. No secret will be generated for this client.
Request
POST /api/v1/Tenants/{tenantId}/DeviceCodeClients
Parameters
string tenantId
Tenant identifier.
Request Body
New DeviceCodeClient object.
{
"Id": "string",
"Name": "string",
"Enabled": true,
"AccessTokenLifetime": 0,
"Tags": [
"string"
],
"DeviceCodeLifetime": 0,
"ClientUri": "string",
"LogoUri": "string"
}
Response
| Status Code | Body Type | Description |
|---|---|---|
| 201 | DeviceCodeClient | Device code client created |
| 400 | ErrorResponse | Missing or invalid inputs, or client limit exceeded |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 409 | ErrorResponse | Client identifier already exists |
| 500 | ErrorResponse | Internal server error. |
Example response body
201 Response (DeviceCodeClient)
{
"Id": "string",
"Name": "string",
"Enabled": true,
"AccessTokenLifetime": 0,
"Tags": [
"string"
],
"DeviceCodeLifetime": 0,
"ClientUri": "string",
"LogoUri": "string"
}
Authorization
Allowed for these roles:
- Tenant Administrator
Get a Device Code Client from Tenant
Returns a device code client from a tenant.
Request
GET /api/v1/Tenants/{tenantId}/DeviceCodeClients/{clientId}
Parameters
string tenantId
Tenant identifier.string clientId
Client identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | DeviceCodeClient | Device code client specified |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Client or tenant not found |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (DeviceCodeClient)
{
"Id": "string",
"Name": "string",
"Enabled": true,
"AccessTokenLifetime": 0,
"Tags": [
"string"
],
"DeviceCodeLifetime": 0,
"ClientUri": "string",
"LogoUri": "string"
}
Authorization
Allowed for these roles:
- Self
- Tenant Member
Get Header for Device Code Client
Validates that a device code client exists in a tenant.
Request
HEAD /api/v1/Tenants/{tenantId}/DeviceCodeClients/{clientId}
Parameters
string tenantId
Tenant identifier.string clientId
Client identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | ClientCredentialClient | Header for specified device code client |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Client or tenant not found |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (ClientCredentialClient)
{
"Id": "string",
"Name": "string",
"Enabled": true,
"AccessTokenLifetime": 0,
"Tags": [
"string"
],
"RoleIds": [
"string"
]
}
Authorization
Allowed for these roles:
- Self
- Tenant Member
Update a Device Code Client
Updates a device code client. It can take up to one hour for update to manifest in the authentication process.
Request
PUT /api/v1/Tenants/{tenantId}/DeviceCodeClients/{clientId}
Parameters
string tenantId
Tenant identifier.string clientId
Client identifier.
Request Body
Updated device code client values. Properties that are not set or are null will not be changed.
{
"Id": "string",
"Name": "string",
"Enabled": true,
"AccessTokenLifetime": 0,
"Tags": [
"string"
],
"DeviceCodeLifetime": 0,
"ClientUri": "string",
"LogoUri": "string"
}
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | DeviceCodeClient | Device Code Client updated |
| 400 | ErrorResponse | Missing or invalid inputs. |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Client or tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (DeviceCodeClient)
{
"Id": "string",
"Name": "string",
"Enabled": true,
"AccessTokenLifetime": 0,
"Tags": [
"string"
],
"DeviceCodeLifetime": 0,
"ClientUri": "string",
"LogoUri": "string"
}
Authorization
Allowed for these roles:
- Tenant Administrator
Delete a Device Code Client
Deletes a device code client. It can take up to one hour for deletion to manifest in the authentication process. Access tokens issued to this client will be valid until their expiration.
Request
DELETE /api/v1/Tenants/{tenantId}/DeviceCodeClients/{clientId}
Parameters
string tenantId
Tenant identifier.string clientId
Client identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 204 | None | No content |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Client or tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 409 | ErrorResponse | Found. |
| 500 | ErrorResponse | Internal server error. |
Authorization
Allowed for these roles:
- Tenant Administrator
Definitions
DeviceCodeClient
Object used for device code clients
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Id | string | false | true | Client identifier for this client. This identifier should be a GUID. |
| Name | string | false | true | Name of client |
| Enabled | boolean | false | true | Whether client is enabled. Client can be used for authentication if set to true. Client cannot be used for authentication if set to false. |
| AccessTokenLifetime | int32 | false | true | Lifetime of access token issued for this client after authentication. Minimum 60 seconds. Maximum 3600 seconds. Defaults to 3600 seconds. |
| Tags | string[] | false | true | Tags for AVEVA internal use only |
| DeviceCodeLifetime | int32 | false | true | Lifetime of device code, in seconds |
| ClientUri | string | false | true | URI to a page with information about client (used on consent screen) |
| LogoUri | string | false | true | URI to client logo (used on consent screen) |
{
"Id": "string",
"Name": "string",
"Enabled": true,
"AccessTokenLifetime": 0,
"Tags": [
"string"
],
"DeviceCodeLifetime": 0,
"ClientUri": "string",
"LogoUri": "string"
}
ErrorResponse
Object returned whenever there is an error
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| OperationId | string | true | false | Operation identifier of action that caused the error |
| Error | string | true | false | Error description |
| Reason | string | true | false | Reason for the error |
| Resolution | string | true | false | Resolution to resolve the error |
| DynamicProperties | object | false | true | Additional properties |
{
"OperationId": "string",
"Error": "string",
"Reason": "string",
"Resolution": "string",
"DynamicProperties": {
"property1": null,
"property2": null
},
"property1": null,
"property2": null
}
ClientCredentialClient
Object to return or update a ClientCredentialClient
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Id | string | false | true | Client identifier for this client. This identifier should be a GUID. |
| Name | string | false | true | Name of client |
| Enabled | boolean | false | true | Whether client is enabled. Client can be used for authentication if set to true. Client cannot be used for authentication if set to false. |
| AccessTokenLifetime | int32 | false | true | Lifetime of access token issued for this client after authentication. Minimum 60 seconds. Maximum 3600 seconds. Defaults to 3600 seconds. |
| Tags | string[] | false | true | Tags for AVEVA internal use only |
| RoleIds | string[] | false | true | List of roles to be assigned to this client. Member role is always required. For security reasons, we advise against assigning administrator role to a client. |
{
"Id": "string",
"Name": "string",
"Enabled": true,
"AccessTokenLifetime": 0,
"Tags": [
"string"
],
"RoleIds": [
"string"
]
}