I am writing a small command-line utility that authenticates to an Azure AD server using Microsoft's implementation of the oauth2 "device flow" process (via a web request) as described here:
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code
As described in that documentation, the device authorization request returns a user_code (eg, ABC999XYZ) and a verification_uri (which in this case is https://microsoft.com/devicelogin): the user is suppose to go to that URI and enter the supplied user_code. Although this works, it's a pain for the user.
The documentation says that the request will also return verification_uri_complete, which effectively includes the user_code (so that the user doesn't have to copy it into a web form). But, at least when I try it, there is no such return parameter. (And to be fair, the official oauth2 spec says that it's optional. But Microsoft's documentation doesn't say it's optional.)
Is there any way to get a verification_uri_complete?
The documentation is incorrect I'm afraid - we haven't added support for it /yet/ but are considering it in the future. Apologies for the confusion. I'm submitting a fix now for the docs.
The verification_uri_complete response field is not included or supported at this time. We mention this because if you read the standard you see that verification_uri_complete is listed as an optional part of the device code flow standard.