Universal Print (UP) Printer Registration
1. Registration
1.1 Flow
1.2 APIs
The following APIs are available with the Global UP Registration Service for registering printers.
Global UP Registration Service Base URL: https://register.print.microsoft.com
The full URL will be the combination of the Global base URL and the endpoint(s) below.
1.2.1 /register
The /register endpoint is used to register a printer. There are 2 stages for registration.
Initial registration call to register the printer
Polling registration status for completion of the registration request
1.2.1.1 Initiating Registration
The first stage is to initiate a registration request with the global registration service. This is done by issuing a POST request to the /register endpoint with the registration payload in JSON format.
1.2.1.1.1 HTTP Request
POST /api/{version}/register
{version} is the version of the UP Registration API/protocol that the printer is using.
Currently supported versions are:
- v1.0
1.2.1.1.2 Request Headers
For v1.0:
| Name | Description |
|---|---|
| Authorization | Bearer {token} Required. The printer must sign-in the admin to Azure AD, by follow the Device Code flow or another authorization flow. |
1.2.1.1.3 Request Content-Type
application/json
1.2.1.1.4 Request Payload
The registration request payload will be in JSON format with the following values (case sensitive):
| Value name | Value type | Description | Required |
|---|---|---|---|
| name | string | The friendly name of the Printer. | Yes |
| manufacturer | string | The manufacturer of the Printer. | Yes |
| model | string | The model of the Printer. | Yes |
| device_id | string | The physical device UUID of the Printer. | Yes |
| device_type | string | The type of the device. Supported values (without quotes): "printer" | Yes |
| certificate_request | DeviceCertRequest object | The X.509 Certificate Signing Request (CSR) for the certificate created and used by the printer to identify itself. Please refer to Appendix A.1 for a coding sample on how to create a CSR with BouncyCastle .NET library. | Yes |
The DeviceCertRequest object has the following values (case sensitive):
| Value name | Value type | Description | Required |
|---|---|---|---|
| type | string | A property that MUST contain "pkcs10". | Yes |
| data | string | A property that contains a base64-encoded PKCS#10 certificate request RFC4211. The certificate request MUST use an RSA public key algorithm with a 2048-bit key, a SHA256WithRSAEncryption signature algorithm, and a SHA256 hash algorithm. | Yes |
| transport_key | string | The base64-encoded public portion of an asymmetric key that is generated by the client. | Yes |
1.2.1.1.5 Successful Response
On success (202 Accepted), the registration response payload will be in JSON format with the following values (case sensitive):
| Value name | Value type | Description | Required |
|---|---|---|---|
| registration_id | string | The unique ID that represents this registration request. This will be used when polling for registration status. | Yes |
| interval | integer | Polling interval time (in seconds) to check for completion of the registration request. | Yes |
1.2.1.1.6 Error Response
On error, the following HTTP status codes will be returned along with an error response payload. The error response payload will contain an error JSON object following the format in section 2.
HTTP Status Codes
| HTTP Status Code | Description |
|---|---|
| 400 (Bad Request) | The request is invalid or malformed. See error response payload for details. Fix and resend the request. |
| 500 (Internal Server Error) | An internal error has occurred in the service. See error response payload for details. Retry the request (if possible, retry_timeout will be set). |
Error Codes
| Error Codes | Description | HTTP Status Code |
|---|---|---|
| invalid_request | The registration request payload was malformed/invalid. This usually occurs during development stages. See error_description for more details. | 400 |
| device_code_error | The service could not generate a Device/User Code pair. | 500 |
| storage_error | The service experienced an error with Back-end Storage. | 500 |
| service_error | An error occurred in the service. See error_description for more details. | 500 |
1.2.1.1.7 Examples
1.2.1.1.7.5 Request v1.0
POST https://register.print.microsoft.com/api/v1.0/register HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkZ6U3pHTVZ1a0U2Nm9EQnpwR0JUY2NBMlVRYyIsImtpZCI6IkZ6U3pHTVZ1a0U2Nm9EQnpwR0JUY2NBMlVRYyJ9.eyJhdWQiOiJodHRwczovL3ByaW50LnByaW50LXBwZS5taWNyb3NvZnQuY29tIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy1wcGUubmV0LzIwZGY5NTlmLWE0OTItNGU3NC05N2E3LTE0YWJiM2ZlZjFkYi8iLCJpYXQiOjE1NjE2NzUxNjYsIm5iZiI6MTU2MTY3NTE2NiwiZXhwIjoxNTYxNjc5MDY2LCJhY3IiOiIxIiwiYWlvIjoiNDJOZ1lOQXNYbUtTSHZSM3Jvcjd2RVdMMWtmc0NMUi93R085cjYzMGl2T1RLWlVoV1ZzQSIsImFtciI6WyJwd2QiXSwiYXBwaWQiOiI0MTdhZTZlYi1hYWM4LTQyYzgtOTAwYy0wZTUwZGViYmE2ODgiLCJhcHBpZGFjciI6IjAiLCJmYW1pbHlfbmFtZSI6IlN0YWdlciIsImdpdmVuX25hbWUiOiJNYWRlbGluZSIsImdyb3VwcyI6WyI1YjljNGVkMS0yMWUyLTRkNzktYjE0Zi1mMzYyMTI5ODcyYjIiXSwiaXBhZGRyIjoiMTMxLjEwNy4xNTkuMjAiLCJuYW1lIjoiTWFkZWxpbmUgU3RhZ2VyIiwib2lkIjoiYzJmMjg2NDctMWQ4ZS00YTdhLWIzZjctZjU4YmQ3ODYxODk4IiwicHVpZCI6IjEwMDM0MDAwMDA2OEJFQzgiLCJzY3AiOiJzYW1wbGVzLnJlYWQgc2FtcGxlcy53cml0ZSIsInN1YiI6IlR6b2hRcmNzTHNjNUNHR09hWndxa1ZiajhaSkh4MnB1dzdpcWhWVXFWRGsiLCJ0ZW5hbnRfY3RyeSI6IlVTIiwidGlkIjoiMjBkZjk1OWYtYTQ5Mi00ZTc0LTk3YTctMTRhYmIzZmVmMWRiIiwidW5pcXVlX25hbWUiOiJtYXN0YWdlckBjbG91ZHByaW50cHBlLmNjc2N0cC5uZXQiLCJ1cG4iOiJtYXN0YWdlckBjbG91ZHByaW50cHBlLmNjc2N0cC5uZXQiLCJ1dGkiOiJlal84QlAtLW1rZWNNWjdncFJNR0FBIiwidmVyIjoiMS4wIiwid2lkcyI6WyI2MmU5MDM5NC02OWY1LTQyMzctOTE5MC0wMTIxNzcxNDVlMTAiXX0.e1RpyZDQzqlV11uyRXWRmaqf6wk2mg763muoIiMG2Qq8DW221Rg91cLP5px6KSfhpd7nv-Ln_KUFsZ4IlJqfmsrfCL_vgKHjYQuRDv2BY8-vrIqUC_5XVA_sj2Ib7iT7SjDYyMv6QDZM2rf7kVggvRuaZihUxxGZWby84EXD8KKAYfAQGo3r6AceuSDJOvToMy-Kp-MEqRuzExZdq2p1_qRIBtHe8Its4xuR8ZHEVqWnY0Y_qeVA8uxl3mQxZSvH8BVYn4Bdy_VZcNtrNKt3YpHFzG4kgy5V6wGLecRI7IBzYd4uK_FwpaYXHpkrSbO0ATEX3tjrgPnHbicA053Ilw
Content-Length: 1600
{
"name": "Test Printer",
"manufacturer": "Test Manufacturer",
"model": "Test Model",
"device_type": "printer",
"device_id": "a188d9e8-8daa-44c9-862b-d6202bcf1b68",
"certificate_request":
{
"type": "pkcs10",
"data": "MIICpDCCAYwCAQAwYTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1JlZG1vbmQxFzAVBgNVBAoMDk1pY3Jvc29mdCBDb3JwMRIwEAYDVQQDDAlNaWNyb3NvZnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ1xUdFKBlFdS9dHqSrD7YS0ZJ6MgcYy5wI3P0wOWrDi28OCBLbt6HBg02KDh1MlmVrfIR2O6WWeJ59M63JuwEn2e2WoGnIb/M6NyANyBBmgZ3bjp39UJHbXtYYXm/VJrPcOLM09dST7KR1zAcD2J+rnK8ZVUtYuTl58D7R6zsrYshw5CwxfLYPXeXwiSoKhtEC8Xn1lz3mi5B2SdsFHdjaQb6E0tCG5zdrVzzhCEVPaoo4e9SCTB9jDNulTU1ZkHzGBk+UzlKv4APsclyGCTEgA01T6/ueBrVeKY9d4DYfz/pu4sm0Vf1E+2hggtwbBOP60sFtkfnKiwtVoDF1KC9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBACdggPBJ5MoJJ3QjVYDypuJGWDVWBT0G4pXNZHNz5Q4OVDze7aCw3Sl78Qdzy++XsrSXjtyZyEb+A5R36YKTpzRBCHSOWyZkZKpxj0Uo8/+RzjzJ1uvtwfhelfQ6EVktFsz6a2hixcaa47bN/bjj9stJbbRsxjJwR1K5YI/i+9DaUE7r7VDXiknQ7/ZyEYquAqY/O/LEnFOGhkSvkLlFPTbnJ7fzURyNnQhmp8p3DMj5dXYgKfWPxViqvJChx8pJf9zM4TjzaTZIj08tSOp2LtWGeMNkFgYJH4URe3t4OPx5crkKj8i5aIW1Ulb8ezJLW1IU7W8hF71ooZWFTOsAnjQ=",
"transport_key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydcVHRSgZRXUvXR6kqw+2EtGSejIHGMucCNz9MDlqw4tvDggS27ehwYNNig4dTJZla3yEdjullniefTOtybsBJ9ntlqBpyG/zOjcgDcgQZoGd246d/VCR217WGF5v1Saz3DizNPXUk+ykdcwHA9ifq5yvGVVLWLk5efA+0es7K2LIcOQsMXy2D13l8IkqCobRAvF59Zc95ouQdknbBR3Y2kG+hNLQhuc3a1c84QhFT2qKOHvUgkwfYwzbpU1NWZB8xgZPlM5Sr+AD7HJchgkxIANNU+v7nga1XimPXeA2H8/6buLJtFX9RPtoYILcGwTj+tLBbZH5yosLVaAxdSgvQIDAQAB"
}
}
1.2.1.1.7.6 Response v1.0
HTTP/1.1 202 Accepted
Date: Thu, 27 Jun 2019 22:47:34 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
{
"registration_id": "fbbd6371-7e88-4881-8818-8d2ea2e8fe88",
"interval": 5
}
1.2.1.2 Getting Registration Status
After the registration request has been successfully accepted, the printer will poll the /register endpoint for the status of the registration request. The printer should poll based on the interval value received in the registration response and must provide the registration_id received.
1.2.1.2.1 HTTP Request
GET /api/{version}/register?{Query Parameters}
{version} is the version of the UP Registration API/protocol that the printer is using.
Currently supported versions are:
- v1.0
{Query Parameters} are specified in the next section.
1.2.1.2.2 Request Headers
For v1.0:
| Name | Description |
|---|---|
| Authorization | Bearer {token} Required. The printer must sign-in the admin to Azure AD, or follow the Device Code flow. Same token acquired for first register request can be used. |
1.2.1.2.3 Request Query Parameters
| Parameter name | Description | Required |
|---|---|---|
| registration_id | The registration ID received from the response of the registration request. | Yes |
1.2.1.2.4 Successful Responses
The following HTTP status codes will be returned for the following "success" scenarios:
| HTTP Status Code | Registration Phase |
|---|---|
| 200 (OK) | Registration Complete |
| 202 (Accepted) | Registration In Progress - Please make another request after the interval time has passed |
Response Payloads
Registration In Progress (202 Accepted):
The registration response payload will be in JSON format with the following values (case sensitive):
| Value name | Value type | Description | Required |
|---|---|---|---|
| interval | integer | Polling interval time (in seconds) to check for completion of the registration request. Note, the polling interval time will not necessary be the same each time. | Yes |
Registration Complete (200 OK):
The registration response payload will be in JSON format with the following values (case sensitive):
| Value name | Value type | Description | Required |
|---|---|---|---|
| cloud_device_id | string | The UUID of the printer in the Cloud that this printer represents. | Yes |
| certificate | string | Base64-encoded Signed X.509 Certificate. | Yes |
| print_svc_url | string | The URL to the Universal Print (UP) service that handles printer operations. | Yes |
| notification_url | string | The URL that should be used by the printer to listen for notifications (new print job, cancel print job, etc...). | Yes |
| mcp_svc_resource_id | string | The Resource ID of the UP service. Required when requesting OAuth token for communication with the UP and UP Notification Services. | Yes |
| device_token_url | string | The URL of the Secure Token Authority (STA) that the printer should use to get tokens for the UP and UP Notification Services. | Yes |
1.2.1.2.5 Error Response
On error, the following HTTP status codes will be returned along with an error response payload. The error response payload will contain an error JSON object following the format in section 2.
HTTP Status Codes
| HTTP Status Code | Description |
|---|---|
| 400 (Bad Request) | The request is invalid or malformed. See error response payload for details. Registration should be re-started. |
| 500 (Internal Server Error) | An internal error has occurred in the service. See error response payload for details. Registration should be re-started. |
Error Codes
| Error Codes | Description | HTTP Status Code |
|---|---|---|
| invalid_registration_id | The registration ID provided is invalid. This can occur if the registration ID was stored incorrectly or if the printer registration has not completed within the registration timeout. Registration should be re-started. | 400 |
| device_already_exists | The device that is being registered is already registered. The Admin should check the UP portal to see if the device being registered is present. If it is, it could be a stale entry that the Admin forgot to delete/un-register. Registration should be re-started. | 400 |
| user_token_error | The service failed to get the user token to perform registration. Registration should be re-started. | 500 |
| storage_error | The service experienced an error with Back-end Storage. Registration should be re-started. | 500 |
| service_error | An error occurred in the service. See error_description for more details. Registration should be re-started. | 500 |
1.2.1.2.6 Examples
1.2.1.2.6.3 Request v1.0
GET https://register.print.microsoft.com/api/v1.0/register?registration_id=bb86db79-2918-
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkZ6U3pHTVZ1a0U2Nm9EQnpwR0JUY2NBMlVRYyIsImtpZCI6IkZ6U3pHTVZ1a0U2Nm9EQnpwR0JUY2NBMlVRYyJ9.eyJhdWQiOiJodHRwczovL3ByaW50LnByaW50LXBwZS5taWNyb3NvZnQuY29tIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy1wcGUubmV0LzIwZGY5NTlmLWE0OTItNGU3NC05N2E3LTE0YWJiM2ZlZjFkYi8iLCJpYXQiOjE1NjE2NzUxNjYsIm5iZiI6MTU2MTY3NTE2NiwiZXhwIjoxNTYxNjc5MDY2LCJhY3IiOiIxIiwiYWlvIjoiNDJOZ1lOQXNYbUtTSHZSM3Jvcjd2RVdMMWtmc0NMUi93R085cjYzMGl2T1RLWlVoV1ZzQSIsImFtciI6WyJwd2QiXSwiYXBwaWQiOiI0MTdhZTZlYi1hYWM4LTQyYzgtOTAwYy0wZTUwZGViYmE2ODgiLCJhcHBpZGFjciI6IjAiLCJmYW1pbHlfbmFtZSI6IlN0YWdlciIsImdpdmVuX25hbWUiOiJNYWRlbGluZSIsImdyb3VwcyI6WyI1YjljNGVkMS0yMWUyLTRkNzktYjE0Zi1mMzYyMTI5ODcyYjIiXSwiaXBhZGRyIjoiMTMxLjEwNy4xNTkuMjAiLCJuYW1lIjoiTWFkZWxpbmUgU3RhZ2VyIiwib2lkIjoiYzJmMjg2NDctMWQ4ZS00YTdhLWIzZjctZjU4YmQ3ODYxODk4IiwicHVpZCI6IjEwMDM0MDAwMDA2OEJFQzgiLCJzY3AiOiJzYW1wbGVzLnJlYWQgc2FtcGxlcy53cml0ZSIsInN1YiI6IlR6b2hRcmNzTHNjNUNHR09hWndxa1ZiajhaSkh4MnB1dzdpcWhWVXFWRGsiLCJ0ZW5hbnRfY3RyeSI6IlVTIiwidGlkIjoiMjBkZjk1OWYtYTQ5Mi00ZTc0LTk3YTctMTRhYmIzZmVmMWRiIiwidW5pcXVlX25hbWUiOiJtYXN0YWdlckBjbG91ZHByaW50cHBlLmNjc2N0cC5uZXQiLCJ1cG4iOiJtYXN0YWdlckBjbG91ZHByaW50cHBlLmNjc2N0cC5uZXQiLCJ1dGkiOiJlal84QlAtLW1rZWNNWjdncFJNR0FBIiwidmVyIjoiMS4wIiwid2lkcyI6WyI2MmU5MDM5NC02OWY1LTQyMzctOTE5MC0wMTIxNzcxNDVlMTAiXX0.e1RpyZDQzqlV11uyRXWRmaqf6wk2mg763muoIiMG2Qq8DW221Rg91cLP5px6KSfhpd7nv-Ln_KUFsZ4IlJqfmsrfCL_vgKHjYQuRDv2BY8-vrIqUC_5XVA_sj2Ib7iT7SjDYyMv6QDZM2rf7kVggvRuaZihUxxGZWby84EXD8KKAYfAQGo3r6AceuSDJOvToMy-Kp-MEqRuzExZdq2p1_qRIBtHe8Its4xuR8ZHEVqWnY0Y_qeVA8uxl3mQxZSvH8BVYn4Bdy_VZcNtrNKt3YpHFzG4kgy5V6wGLecRI7IBzYd4uK_FwpaYXHpkrSbO0ATEX3tjrgPnHbicA053Ilw
Host: register.print.microsoft.com
1.2.1.2.6.4 In Progress Response v1.0
HTTP/1.1 202 Accepted
Cache-Control: no-cache
Pragma: no-cache
{
"interval": 15
}
1.2.1.2.6.7 Completed Response v1.0
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 267
Content-Type: application/json; charset=utf-8
{
"cloud_device_id": "7c907b43-d8f0-4e42-a279-1e37eb4fd2bf",
"certificate": "MIID8jCCAtqgAwIBAgIQR2Y15zkurJhCGxcaQ0d7tjANBgkqhkiG9w0BAQsFADB4MXYwEQYKCZImiZPyLGQBGRYDbmV0MBUGCgmSJomT8ixkARkWB3dpbmRvd3MwHQYDVQQDExZNUy1Pcmdhbml6YXRpb24tQWNjZXNzMCsGA1UECxMkODJkYmFjYTQtM2U4MS00NmNhLTljNzMtMDk1MGMxZWFjYTk3MB4XDTE4MDExOTAwNTIxM1oXDTI4MDExOTAxMjIxM1owLzEtMCsGA1UEAxMkZjVlYjVmNWUtMDYyNC00YTNiLThmZjItNjQ5ZTAyM2ZiNzJkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQc0Twp+vlT5Vc74zLoXbrufcIKnoW980OWFKHf7lRlRqjj9MWpea99j+3K8JQSoifXJvS5QzyjXrH9phsrfX84I258y6dM/aUadLYYKjO38wx9c1vQppZi1P3LcDaJiXPgNQ8omWCtDNoVwQlTUmB9Pq6h+V6S4P59Mq9cem6yEE7pu4DLqLSB68jexvLQnuGDfn6PsVUC3ML21zDmAr3QDikiZDe9Iy03IRrXvl6obj5QZtkGFbK9ueArFcWpymsEK
FfVhrKL7ca/rAEFHsHacJYHkJNMw3Qzs0yMYZRsH/fS+eBebvQWUEujQ+BX8xZQX48ukwtC8R37RsqrLjwIDAQABo4HAMIG9MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwIgYLKoZIhvcUAQWCHAIEEwSBEF5f6/UkBjtKj/JkngI/ty0wIgYLKoZIhvcUAQWCHAMEEwSBEHXH6W+38IhBoi1uqlWcNhUwIgYLKoZIhvcUAQWCHAUEEwSBEAWT1qlxl5pLvXhzFTIfL2swFAYLKoZIhvcUAQWCHAgEBQSBAk5BMBMGCyqGSIb3FAEFghwHBAQEgQEwMA0GCSqGSIb3DQEBCwUAA4IBAQCXpFMa9DCgIIJTD3RlEyPN8WB/HgMkhLBqwtZugkmIn8D80ckuhrfa2jJfWkNxEfFXanjq9B4tAvkNt7vBXiYw+PKj8+CE5FgfUTNtIw3Q/06tnJBj20mz28ZNbdRUgXzxXiY7oZss54dbHH+7TFO9k9Pm1CuUOzLFX4LeC48wo/S6uN7JDeID6pQjcR00eYJ+gcD800AXBYXrqSreYhdtl1swcD71qgshELAo2qXu0kzuKj05GIB5SXFOoU+KhuB0LMuEZF5rsQPN4KcasGaAb/8MIORAxkYStNLQZQLYbDve/dUownbfruW/o3tnjJP0GA0gY/Ohv5ssgrCFsiBq",
"print_svc_url": "https://print.print.microsoft.com/",
"notification_url": "https://notification.print.microsoft.com/",
"mcp_svc_resource_id":"https://print.print.microsoft.com",
"device_token_url": "https://login.microsoftonline.com/common/oauth2/token"
}
1.2.1.3 Authentication
Before registering the printer must authenticate the admin to Azure AD, by follow the Device Code flow or another authorization flow. The printer admin access token obtained must be sent in the authorization header of the request to register a printer. Documentation of device code and other authentication flows supported by Azure AD can be found at Supported authentication flows.
1.2.1.3.1 Device Code Flow Parameters
Documentation of Azure AD support of the device code flow can be found at OAuth 2.0 device code flow. The client_id listed below is temporary. We will provide additional information in the near future.
| Parameter Name | Description | Required |
|---|---|---|
| tenant | Use "Organizations" for the tenant parameter. | Yes |
| client_id | Use registered client ID for the client_id. Additional information at Registering OEM Client. |
Yes |
| scope | Use https://print.print.microsoft.com/.default for the scope |
Yes |
1.2.1.3.2 Example Device Code Flow Requests
1.2.1.3.2.1 Initiate the device code flow
Request:
POST https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode HTTP/1.1
Accept-Charset: utf-8
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Host: login.microsoftonline.com
Content-Length: 103
Expect: 100-continue
Connection: Keep-Alive
client_id=<registered_client_id>&scope=https%3A%2F%2Fprint.print.microsoft.com%2F.default
Response:
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Content-Length: 473
{
"user_code": "FMTB7B3WR",
"device_code": "FAQABAAEAAAAP0wLlqdLVToOpA4kwzSnx3SB1wjNptiBt5jFM8ePgJKGOjX-WOEksHYT3zgqz9VVg4MqY8J6Tej_rpniyj4WjOsVe-RCJuGexX-IwPKDK-df38P0zpLv5ktxSCflT_F-8Cbef6BRDpk0Qm-lPOhC4bcbtdIaM8yqf-cS962rGC9VdVNFVFStePppCDRcumjAgAA",
"verification_uri": "https://microsoft.com/devicelogin",
"expires_in": 900,
"interval": 5,
"message": "To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code FMTB7B3WR to authenticate."
}
1.2.1.3.2.2 Retrieving the user token
Request:
POST https://login.microsoftonline.com/tenant/oauth2/v2.0/token HTTP/1.1
Accept-Charset: utf-8
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Host: login.microsoftonline.com
Content-Length: 289
Expect: 100-continue
grant_type=device_code&client_id=<registered_client_id>&device_code=FAQABAAEAAAAP0wLlqdLVToOpA4kwzSnx3SB1wjNptiBt5jFM8ePgJKGOjX-WOEksHYT3zgqz9VVg4MqY8J6Tej_rpniyj4WjOsVe-RCJuGexX-IwPKDK-df38P0zpLv5ktxSCflT_F-8Cbef6BRDpk0Qm-lPOhC4bcbtdIaM8yqf-cS962rGC9VdVNFVFStePppCDRcumjAgAA
Response: authorization_pending, user has not logged in yet.
HTTP/1.1 400 Bad Request
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Content-Length: 469
{
"error": "authorization_pending",
"error_description": "AADSTS70016: Pending end-user authorization.\r\nTrace ID: 60997c8b-15ed-4d12-99b6-6da879fd1400\r\nCorrelation ID: 7300aba9-1698-4a4e-b6dd-66459a828108\r\nTimestamp: 2019-09-26 23:13:43Z",
"error_codes": [70016],
"timestamp": "2019-09-26 23:13:43Z",
"trace_id": "60997c8b-15ed-4d12-99b6-6da879fd1400",
"correlation_id": "7300aba9-1698-4a4e-b6dd-66459a828108",
"error_uri": https://login.microsoftonline.com/error?code=70016
}
Response: success, user has logged in, token is returned. This token can be used in the required authorization header (described in section 1.2.1.1.2) when sending a request to register a printer with Universal Print.
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Content-Length: 1763
{
"token_type": "Bearer",
"scope": "https://print.print.microsoft.com/Print.Device https://print.print.microsoft.com/.default",
"expires_in": 3599,
"ext_expires_in": 3599,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImFQY3R3X29kdlJPb0VOZzNWb09sSWgydGlFcyIsImtpZCI6ImFQY3R3X29kdlJPb0VOZzNWb09sSWgydGlFcyJ9.eyJhdWQiOiJodHRwczovL3ByaW50LnByaW50Lm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9mMGQ4ODMyMy04OGY2LTQ4MTMtOGI0ZC05NGVjNjdlNjA3YmQvIiwiaWF0IjoxNTY5NTM5Mzc3LCJuYmYiOjE1Njk1MzkzNzcsImV4cCI6MTU2OTU0MzI3NywiYWNyIjoiMSIsImFpbyI6IkFTUUEyLzhNQUFBQVA1U1NzTklCYXRVQ2UxSGZXaEdvNHhqbUM4b2RCckNpeDNaN0dyZWJUMEE9IiwiYW1yIjpbInB3ZCJdLCJhcHBpZCI6IjQxN2FlNmViLWFhYzgtNDJjOC05MDBjLTBlNTBkZWJiYTY4OCIsImFwcGlkYWNyIjoiMCIsImdyb3VwcyI6WyIzMjVhNDljOS1mNjQ0LTQxNjEtODdmZS1kZTQ5ZGEyNDhjZTkiXSwiaXBhZGRyIjoiMTY3LjIyMC4yLjE4IiwibmFtZSI6Ik1hZGVsaW5lIFN0YWdlciIsIm9pZCI6ImIzZTE1ODM0LTAxZmUtNDIwNi05MjkwLTk5OTNiMzM1MWM2MSIsInB1aWQiOiIxMDAzN0ZGRUFDRjVBNUE1Iiwic2NwIjoiUHJpbnQuRGV2aWNlIiwic3ViIjoiN2hhQzVjdEZlYjZPVHBsMHROUDJmRDJVY3pWTFRjbTZlNkQ1eEZkOEpvYyIsInRlbmFudF9jdHJ5IjoiVVMiLCJ0aWQiOiJmMGQ4ODMyMy04OGY2LTQ4MTMtOGI0ZC05NGVjNjdlNjA3YmQiLCJ1bmlxdWVfbmFtZSI6Im1hc3RhZ2VyQGNsb3VkcHJpbnRwcm9kdWN0aW9uLm9ubWljcm9zb2Z0LmNvbSIsInVwbiI6Im1hc3RhZ2VyQGNsb3VkcHJpbnRwcm9kdWN0aW9uLm9ubWljcm9zb2Z0LmNvbSIsInV0aSI6Inp2N2EtdGRrR0VHQkFSMl9zWU1UQUEiLCJ2ZXIiOiIxLjAiLCJ3aWRzIjpbIjYyZTkwMzk0LTY5ZjUtNDIzNy05MTkwLTAxMjE3NzE0NWUxMCJdfQ.Nfz82GPdQUx6py2xwhVhI4hvpbLTdaaDSVFnGx4Eb3CeJHcQvCmmKoB9Lze7YITcEcLdxUkGEQGEXSh6M3yDrNP_hsoIROdWhe6RDjbYVPmJUL319lL4eNtQTJq8bKcJVbeM5SamlY1mBIhxH_sjL4TX0NN2RnDIuF_L1NSRW0IaHoZxzf257y0n7BqPROl3VpQ97wA8P-hhVBbfwwB9i-sLbsoCVszuE9JnHpgJPm6h9FDL9Px57ddTMZDvJchxOL5gUTA76gdRqUUzLROCMlz0R7vTJotl2RQnrzZBoNNoM9iJHL2KqQKuuezHEro1453lSRASiBkZHHEOFglzSg"
}
2. Error Response Structure
For the above APIs, on error, the following error structure will be returned in the payload in JSON format with the following values (case sensitive). These error responses are mainly for development purposes and it is up to the developer what to show to the user, if anything.
| Value name | Value type | Description | Required |
|---|---|---|---|
| error | string | An error code string that is used to classify the type of error that occurred. | Yes |
| error_description | string | A specific error message that can help identity the root cause of the error. | No |
| error_code | integer | Additional error code that can help diagnose the issue. | No |
| http_status_code | integer | The HTTP status code that was returned with this error response. | No |
| retry_timeout | integer | The number of seconds that the printer should wait before retrying the request. | No |
Each API above will list out its possible error code string(s).
2.1 Example Response
{
"error": "invalid_request",
"error_description": "Missing required field device_type"
}
3. Getting Printer Token
To get an access token that represents the printer, the printer will have to generate a JSON Web Token (JWT) and sign it with its certificate private key.
The procedure is as follows:
- Request a Nonce from the device token endpoint.
- Generate a device JWT with the proper information and sign it with the private key.
- Send a request to the device token endpoint with the JWT in the body.
3.1 Requesting a Nonce
To request a nonce, send a POST request to the device token endpoint with the body containing a server challenge.
3.1.1 HTTP Request
POST {device_token_url}
{device_token_url} is the URL received from the successful registration response (section 1.2.1.2.3).
3.1.2 Request Content-Type
application/x-www-form-urlencoded
3.1.3 Request Payload
grant_type=srv_challenge&windows_api_version=2.0
3.1.4 Successful Response
Returns 200 OK and the Nonce in the response payload in JSON format with the following values (case sensitive):
| Value name | Value type | Description | Required |
|---|---|---|---|
| Nonce | string | The nonce string to be used with the token request. | Yes |
3.1.5 Examples
3.1.5.1 Request
POST https://login.microsoftonline.com/425a8e89-feb9-40d2-9fe5-07fb45419e4b/oauth2/token HTTP/1.1
Host: login.microsoftonline.com
Content-Length: 48
grant_type=srv_challenge&windows_api_version=2.0
#### Response
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 132
{
"Nonce": "AQABAAAAAADX8GCi6Js6SK82TsD2Pb7rO4c24C6C31bER-HgavkQr-xx11qx0DFkaB6rfm-ikMj\_eUCSQ12bS4Id06ae1CUQjd8jN7xc4uGK-PA6Bj83HyAA"
}
3.2 Generating the device JWT
The generated device JWT will contain the information needed for the token provider to issue a device access token to the printer. The next sections will detail the information needed in the JWT header, body and signature.
3.2.1 The JWT Header
The following JWT header parameters are needed:
| Value name | Value type | Description | Required |
|---|---|---|---|
| alg | string | The public key algorithm used to generate the public key. Must match the registration request information which should be "RS256". | Yes |
| typ | string | The type header parameter. Should be "JWT". | Yes |
| x5c | string | The full body of the device certificate (contains public key only). This is the certificate returned by the successful registration response. | Yes |
3.2.2 The JWT Body
The following JWT body parameters are needed:
| Value name | Value type | Description | Required |
|---|---|---|---|
| request_nonce | string | The nonce value obtained in section 3.1. | Yes |
| grant_type | string | The fixed literal string "device_token" that indicates to the server a device only token is needed. | Yes |
| resource | string | The target audience of the access token. This is the 'mcp_svc_resource_id' value returned by the successful Completed registration response. For example, https://print.print.microsoft.com | Yes |
| client_id | string | The Application (Client) ID of a registered Azure Application with API permissions to Universal Print. To create an Azure Application with the proper API permissions please refer to OEM client ID registration. | Yes |
| redirect_uri | string | A configured Redirect URI for the registered Azure Application used for 'client_id' in this section. To configure a Redirect URI for a registered Azure Application please follow OEM client ID registration. | Yes |
| iss | string | The Cloud Device ID the printer received from the successful registration response. | Yes |
3.2.3 The JWT Signature
The JWT signed by the device private key, which is used to prove that request was issued from device, and not replayed from a different one.
3.2.4 Example Generated JWT
{
"alg": "RS256",
"typ": "JWT",
"x5c": "MIID8jCCAtqgAwIBAgIQtJE/zIv3C5JOPoIeezhfLzANBgkqhkiG9w0BAQsFADB4MXYwEQYKCZImiZPyLGQBGRYDbmV0MBUGCgmSJomT8ixkARkWB3dpbmRvd3MwHQYDVQQDExZNUy1Pcmdhbml6YXRpb24tQWNjZXNzMCsGA1UECxMkODJkYmFjYTQtM2U4MS00NmNhLTljNzMtMDk1MGMxZWFjYTk3MB4XDTE4MDUxMDAzMjUzMVoXDTI4MDUxMDAzNTUzMVowLzEtMCsGA1UEAxMkZTlhNjc1YTItYTdjNS00ZmU3LThlODMtZmUxZWZhZjgyZWM2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGw0ePNEZTNgDbTMMb+m8feCQY70yotozZnMFh5HehO2AvlaR1mZnAI+7rWd5pUdmPo83wGSchqj4cOsOQF699UEmZllDDpCMd9e/kkyFFQYVFBjLV67jUNyM5yDwCqSsNyTImuBQjpgOCoYt7nrsJ5nlaEiWB7HNMbPEJI8Szp9eMci/5j5ktRqU9SeWBUF7SIruaFKt5i7phTwx9ELJo554/yaQtJx5gZs1hpO/z9iLORu+13cj5aruvNZFnlyNyD7LNZ43J5biIIuqbFaUhCLBX70vuE/yhxkKjvyZwovP1PP5Bqc7ZLD6vIdh80bgJLd+xFKbL4OcD2DgxWI4QIDAQABo4HAMIG9MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwIgYLKoZIhvcUAQWCHAIEEwSBEKJ1punFp+dPjoP+Hvr4LsYwIgYLKoZIhvcUAQWCHAMEEwSBEHlLkyG0XmRHoNfDVt0FSVQwIgYLKoZIhvcUAQWCHAUEEwSBEImOWkK5/tJAn+UH+0VBnkswFAYLKoZIhvcUAQWCHAgEBQSBAk5BMBMGCyqGSIb3FAEFghwHBAQEgQEwMA0GCSqGSIb3DQEBCwUAA4IBAQB3q4Ey9AijQmHy0S3+fy1PV7pXq6aMhAgF7HvzmEwdmnjSCfvUd+fPkZA3tGQ6gkGlJ3mI4wq0xBZfk6YEQLLSuvukCphzZitz2NnpeCYMYpT2L7G1+EsIMu5+Wz84S4IO57IMBSLMDmsLLP2bHq+w1VOYgS9cO7Vha/nR3Z542LnaRKINUpFedHAtffv2tOQLRCPWk20KP5LEpKuEcM/r5EHFH6beKFuYePpJ7/dhKH69cZFWRtqgaV7BHxeDVr/n3kyHbDv1rwTXIYHaM3qEXDcSmyqEZqu0WEoz0FpVYt2pRw9pSb29+Y6n4vWTyWxVI8zMqDieYmaw7uXctqrr"
}.
{
"request_nonce": "AQABAAAAAADX8GCi6Js6SK82TsD2Pb7rO4c24C6C31bER-HgavkQr-xx11qx0DFkaB6rfm-ikMj\_eUCSQ12bS4Id06ae1CUQjd8jN7xc4uGK-PA6Bj83HyAA",
"grant_type": "device_token",
"resource": "https://microsoft.com/mcp",
"client_id": "1ef464e5-0b61-4c6f-b822-5dc015b9463e",
"redirect_uri": "https://print.print.microsoft.com/",
"iss": "e9a675a2-a7c5-4fe7-8e83-fe1efaf82ec6"
}.
[Signature]
3.3 Requesting a Device Access Token
To request a device token, send a POST request to the device token endpoint with the body containing the JWT generated in section 3.2.
3.3.1 HTTP Request
POST {device_token_url}
{device_token_url} is the URL received from the successful registration response (section 1.2.1.2.3).
3.3.2 Request Content-Type
application/x-www-form-urlencoded
3.3.3 Request Payload
Form URL encoded format with the following name/value pairs:
| Value name | Description/Value | Required |
|---|---|---|
| grant_type | Should be set to urn:ietf:params:oauth:grant-type:jwt-bearer. This indicates that the token request is described in a JWT. |
Yes |
| request | The Base-64 encoded JWT that was generated in section 3.2. | Yes |
Important
Make sure that 'cookies' are not included when sending the device token request. Sending cookies could result in unexpected behavior.
3.3.4 Successful Response
Returns 200 OK and the Access Token in the response payload in JSON format with the following main values (case sensitive):
| Value name | Value type | Description | Required |
|---|---|---|---|
| access_token | string | The requested access token as a signed JSON Web Token (JWT). The printer can use this token to authenticate to the secured resource, such as a web API. | Yes |
| token_type | string | Indicates the token type value. The only type that should be returned is currently Bearer. | Yes |
| device_info | string | A JWT representing the device. | Yes |
| expires_in | string | How long the access token is valid (in seconds). | Yes |
| expires_on | string | The time when the access token expires. The date is represented as the number of seconds from 1970-01-01T0:0:0Z UTC until the expiration time. This value is used to determine the lifetime of cached tokens. | Yes |
| not_before | string | The time before which the JWT MUST NOT be accepted for processing. | Yes |
| resource | string | The App ID URI of the web API (secured resource). | Yes |
3.3.5 Error Response
The detailed error responses are described here: Use the authorization code to request an access token
The response payload is in JSON format with the following main values (case sensitive):
| Value name | Value type | Description | Required |
|---|---|---|---|
| error | string | An error code string that can be used to classify types of errors that occur, and can be used to react to errors. | Yes |
| error_description | string | A specific error message that can help a developer identify the root cause of an authentication error. | No |
| error_codes | Array of integers | A list of STS-specific error codes that can help in diagnostics. | No |
| timestamp | string | The time at which the error occurred. | No |
| trace_id | string | A unique identifier for the request that can help in diagnostics. | No |
| correlation_id | string | A unique identifier for the request that can help in diagnostics across components. | No |
3.3.5.1 Critical Error
If the printer has been de-registered from the UP portal or the certificate expires, then the printer will fail to get a device access token. In this case, the device token endpoint will return "error": "invalid_grant" and "suberror": "device_authentication_failed". At this point, the printer should reset its state to be Unregistered as the device will need to be re-registered.
For example:
{
"error": "invalid_grant",
"error_description": "AADSTS70002: Error validating credentials. AADSTS50155: Device is not authenticated.\\r\\nTrace ID: b099e7ad-ccf8-4eb7-b105-cced2f724d00\\r\\nCorrelation ID: 0d72010c-5a1f-4c19-99a7-48df28c5db66\\r\\nTimestamp: 2018-05-14 01:06:51Z",
"error_codes": [70002, 50155],
"trace_id": "b099e7ad-ccf8-4eb7-b105-cced2f724d00",
"correlation_id": "0d72010c-5a1f-4c19-99a7-48df28c5db66",
"suberror": "device_authentication_failed"
}
3.3.6 Examples
3.3.6.1 Request
POST https://login.microsoftonline.com/425a8e89-feb9-40d2-9fe5-07fb45419e4b/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept-Charset: utf-8
Host: login.microsoftonline.com
Content-Length: 2737
grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&request=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6Ik1JSUQ4akNDQXRxZ0F3SUJBZ0lRdEpFL3pJdjNDNUpPUG9JZWV6aGZMekFOQmdrcWhraUc5dzBCQVFzRkFEQjRNWFl3RVFZS0NaSW1pWlB5TEdRQkdSWURibVYwTUJVR0NnbVNKb21UOGl4a0FSa1dCM2RwYm1SdmQzTXdIUVlEVlFRREV4Wk5VeTFQY21kaGJtbDZZWFJwYjI0dFFXTmpaWE56TUNzR0ExVUVDeE1rT0RKa1ltRmpZVFF0TTJVNE1TMDBObU5oTFRsak56TXRNRGsxTUdNeFpXRmpZVGszTUI0WERURTRNRFV4TURBek1qVXpNVm9YRFRJNE1EVXhNREF6TlRVek1Wb3dMekV0TUNzR0ExVUVBeE1rWlRsaE5qYzFZVEl0WVRkak5TMDBabVUzTFRobE9ETXRabVV4WldaaFpqZ3laV00yTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFqR3cwZVBORVpUTmdEYlRNTWIrbThmZUNRWTcweW90b3pabk1GaDVIZWhPMkF2bGFSMW1abkFJKzdyV2Q1cFVkbVBvODN3R1NjaHFqNGNPc09RRjY5OVVFbVpsbEREcENNZDllL2treUZGUVlWRkJqTFY2N2pVTnlNNXlEd0NxU3NOeVRJbXVCUWpwZ09Db1l0N25yc0o1bmxhRWlXQjdITk1iUEVKSThTenA5ZU1jaS81ajVrdFJxVTlTZVdCVUY3U0lydWFGS3Q1aTdwaFR3eDlFTEpvNTU0L3lhUXRKeDVnWnMxaHBPL3o5aUxPUnUrMTNjajVhcnV2TlpGbmx5TnlEN0xOWjQzSjViaUlJdXFiRmFVaENMQlg3MHZ1RS95aHhrS2p2eVp3b3ZQMVBQNUJxYzdaTEQ2dklkaDgwYmdKTGQreEZLYkw0T2NEMkRneFdJNFFJREFRQUJvNEhBTUlHOU1Bd0dBMVVkRXdFQi93UUNNQUF3RmdZRFZSMGxBUUgvQkF3d0NnWUlLd1lCQlFVSEF3SXdJZ1lMS29aSWh2Y1VBUVdDSEFJRUV3U0JFS0oxcHVuRnArZFBqb1ArSHZyNExzWXdJZ1lMS29aSWh2Y1VBUVdDSEFNRUV3U0JFSGxMa3lHMFhtUkhvTmZEVnQwRlNWUXdJZ1lMS29aSWh2Y1VBUVdDSEFVRUV3U0JFSW1PV2tLNS90SkFuK1VIKzBWQm5rc3dGQVlMS29aSWh2Y1VBUVdDSEFnRUJRU0JBazVCTUJNR0N5cUdTSWIzRkFFRmdod0hCQVFFZ1FFd01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQjNxNEV5OUFpalFtSHkwUzMrZnkxUFY3cFhxNmFNaEFnRjdIdnptRXdkbW5qU0NmdlVkK2ZQa1pBM3RHUTZna0dsSjNtSTR3cTB4QlpmazZZRVFMTFN1dnVrQ3BoelppdHoyTm5wZUNZTVlwVDJMN0cxK0VzSU11NStXejg0UzRJTzU3SU1CU0xNRG1zTExQMmJIcSt3MVZPWWdTOWNPN1ZoYS9uUjNaNTQyTG5hUktJTlVwRmVkSEF0ZmZ2MnRPUUxSQ1BXazIwS1A1TEVwS3VFY00vcjVFSEZINmJlS0Z1WWVQcEo3L2RoS0g2OWNaRldSdHFnYVY3Qkh4ZURWci9uM2t5SGJEdjFyd1RYSVlIYU0zcUVYRGNTbXlxRVpxdTBXRW96MEZwVll0MnBSdzlwU2IyOStZNm40dldUeVd4Vkk4ek1xRGllWW1hdzd1WGN0cXJyIn0.eyJyZXF1ZXN0X25vbmNlIjoiQVFBQkFBQUFBQURYOEdDaTZKczZTSzgyVHNEMlBiN3JPNGMyNEM2QzMxYkVSLUhnYXZrUXIteHgxMXF4MERGa2FCNnJmbS1pa01qX2VVQ1NRMTJiUzRJZDA2YWUxQ1VRamQ4ak43eGM0dUdLLVBBNkJqODNIeUFBIiwiZ3JhbnRfdHlwZSI6ImRldmljZV90b2tlbiIsInJlc291cmNlIjoiaHR0cHM6Ly9taWNyb3NvZnQuY29tL21jcC1wcGUiLCJjbGllbnRfaWQiOiIxZWY0NjRlNS0wYjYxLTRjNmYtYjgyMi01ZGMwMTViOTQ2M2UiLCJyZWRpcmVjdF91cmkiOiJodHRwczovL21jcC1wcGUuYXp1cmV3ZWJzaXRlcy5uZXQvIiwiaXNzIjoiZTlhNjc1YTItYTdjNS00ZmU3LThlODMtZmUxZWZhZjgyZWM2In0.bmvBY7cdD\_dGtbB9dXbjbj5qc5k9ssqOMe1KQnnUnChLz1nkgBMLU\_jBMwsAoHCvI\_udQAdDgyNmWFcnWxTY0sLARZ6FQmjbGclqrqhj\_kkJXdkNBdGcwIXafjQiFkpDlpTMbVjBWoQq49aW-e\_OcmfsVIg8DCdS-s87x0fJ3fuHzZJzVGEHC4D-43EPxWTXfVbsvOV7RNK15lq5GXm10W4DkRngK6EpMq69g75KCUqT\_MEEh5dGezl5Kic8RLZQ72n5aEpc5Y6XK85b1TdOtBnxogVjJFSsxpz1sOIpODszVu9CSUg4CHEjadpKQ9DiYCg6zB9D5fYbMf3NrGWC9Q
3.3.6.2 Response
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Content-Length: 2473
{
"token_type":"Bearer",
"expires_in":"3599",
"ext_expires_in":"0",
"expires_on":"1525928144","not_before":"1525924244","resource":"<https://microsoft.com/mcp>",
"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImlCakwxUmNxemhpeTRmcHhJeGRacW9oTTJZayIsImtpZCI6ImlCakwxUmNxemhpeTRmcHhJeGRacW9oTTJZayJ9.eyJhdWQiOiJodHRwczovL21pY3Jvc29mdC5jb20vbWNwLXBwZSIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzQyNWE4ZTg5LWZlYjktNDBkMi05ZmU1LTA3ZmI0NTQxOWU0Yi8iLCJpYXQiOjE1MjU5MjQyNDQsIm5iZiI6MTUyNTkyNDI0NCwiZXhwIjoxNTI1OTI4MTQ0LCJhbXIiOlsicnNhIl0sImRldmljZWlkIjoiZTlhNjc1YTItYTdjNS00ZmU3LThlODMtZmUxZWZhZjgyZWM2IiwiaWRwIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNDI1YThlODktZmViOS00MGQyLTlmZTUtMDdmYjQ1NDE5ZTRiLyIsImlkdHlwIjoiZGV2aWNlIiwiaXBhZGRyIjoiMTY3LjIyMC4wLjc0Iiwib2lkIjoiZjM5NjNiMDItY2NjNS00NTg5LTkwYjQtMDJkNTA0OWE5ZGY3Iiwic3ViIjoiZTlhNjc1YTItYTdjNS00ZmU3LThlODMtZmUxZWZhZjgyZWM2IiwidGlkIjoiNDI1YThlODktZmViOS00MGQyLTlmZTUtMDdmYjQ1NDE5ZTRiIiwidXRpIjoiV005dVBHbXltRWV3RmdpMl9PcEdBQSIsInZlciI6IjEuMCJ9.gjCICKD2NT69bro4wK8r6SJhP6CBflnBqmlpF3pITl\_1Klv1DNYTue7a-Tup0vkFu0inN8njTG7rxlK\_j4m2mn1iUuh6CO-o98hN6VzjrarvZceBzGtsiOU2jtdacWP4JmePtTaXRmGDlK-PbTLy\_v4VmbL\_cQN2RIEiwf81suwnBacko0xbQhO3cPmGwKZcB5kFV4tnHp0uBnxyfcpRfV-ZR9Age41LWDW1ulOsTVuv1Q4XmmOmStkh2-TH1jOq1did6jyK1LKncdsSvEhKeo49-yBNshGntPs24qWL2WShz5cMQ3w5OBbAUOwl1DL-\_NtcUjCwbaLRwS6Dyliejw\",\"device\_info\":\"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImlCakwxUmNxemhpeTRmcHhJeGRacW9oTTJZayIsImtpZCI6ImlCakwxUmNxemhpeTRmcHhJeGRacW9oTTJZayJ9.eyJhdWQiOiJiYWZjYjg2Zi1kYWFhLTQxYjEtYjQ5NC04NjA0MzZhNGMzMGQiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC80MjVhOGU4OS1mZWI5LTQwZDItOWZlNS0wN2ZiNDU0MTllNGIvIiwiaWF0IjoxNTI1OTI0MjQ0LCJuYmYiOjE1MjU5MjQyNDQsImV4cCI6MTUyNTkyODE0NCwiZGV2aWNlaWQiOiJlOWE2NzVhMi1hN2M1LTRmZTctOGU4My1mZTFlZmFmODJlYzYiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC80MjVhOGU4OS1mZWI5LTQwZDItOWZlNS0wN2ZiNDU0MTllNGIvIiwiaWR0eXAiOiJkZXZpY2UiLCJvaWQiOiJmMzk2M2IwMi1jY2M1LTQ1ODktOTBiNC0wMmQ1MDQ5YTlkZjciLCJzdWIiOiJlOWE2NzVhMi1hN2M1LTRmZTctOGU4My1mZTFlZmFmODJlYzYiLCJ0aWQiOiI0MjVhOGU4OS1mZWI5LTQwZDItOWZlNS0wN2ZiNDU0MTllNGIiLCJ1dGkiOiJXTTl1UEdteW1FZXdGZ2kyX09wR0FBIiwidmVyIjoiMS4wIn0.CPNbz9Cr20Ig\_i7Fc8GUx1NVpGXqQs9HsNH3F-QxUeJsep7m1rwiTE8WXsfXxiNGco0j1HFykiHdAsE\_-ymeVXaUtA5InC3uEeiHuIihQGbo9GC5gibzjsS\_psfqE74v\_9o7WuJTjFhpGdl1h57sOX49la312uR\_Khr6I6tIGiFon-gn4rGq5U0O4NV\_5LeitiHUXxuVxD2O9J5vERpwmnQ0UtyxX9skyFGEtcEruNch6noy\_5710xbcYv-8uO4VM8tM6CoqigWg\_7o18OciJ0VRBmsFLZtJUOxVSlPKeFneFDyKujpttbMIP-0-FdS75qckkqGYzoVbSuzsIcJa5g"
}