3.2.5 Message Processing Events and Sequencing Rules

The resources accessed and manipulated by this protocol are the same as those defined in [RFC6749] and [IETFDRAFT-DEVICEFLOW-11].<10> They are also listed below for reference:



Authorization endpoint (/authorize)

As defined in [RFC6749] section 3.1 (Authorization Endpoint), the authorization endpoint is used to interact with the resource owner and obtain an authorization grant.

Token endpoint (/token)

As defined in [RFC6749] section 3.2 (Token Endpoint), [IETFDRAFT-DEVICEFLOW-11] section 3.4 (Device Access Token Request), and [IETFDRAFT-DEVICEFLOW-11] section 3.5 (Device Access Token Response), the token endpoint on the authorization server is used by an OAuth 2.0 client to obtain an access token by presenting its authorization grant, device verification code, or refresh token.

Device authorization endpoint (/devicecode)

As defined in [IETFDRAFT-DEVICEFLOW-11] sections 3.1 (Device Authorization Request) and 3.2 (Device Authorization Response), the device authorization endpoint is used by an OAuth 2.0 client to obtain device verification codes, user codes, and verification URLs.<11>

The HTTP responses to all the HTTP methods are defined in corresponding sections of [RFC6749].

The response messages for these methods do not contain custom HTTP headers.