> ## Documentation Index
> Fetch the complete documentation index at: https://www.ravion.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# OAuth 2.0 device authorization approval

> Records a logged-in user's approve/deny decision for a pending device authorization request. Cookie-authenticated only (mirrors /oauth/authorize): a Bearer credential cannot approve a device grant on the user's behalf.



## OpenAPI

````yaml https://api.ravion.com/openapi.yaml post /oauth/device/approve
openapi: 3.0.0
info:
  title: Ravion
  version: 0.0.0
servers:
  - url: https://api.ravion.com
security:
  - BearerAuth: []
tags:
  - name: Projects
  - name: Environments
  - name: Pipelines
  - name: PipelineRuns
  - name: TerraformResources
  - name: TerraformExecutionSummaries
  - name: PipelineStepExecutions
  - name: AwsCloudWatch
  - name: PipelineVersions
  - name: Organizations
  - name: Stacks
  - name: StackWorkspaces
  - name: Auth
  - name: OAuth
  - name: User
  - name: Health
  - name: Memberships
  - name: ServiceAccounts
  - name: AwsDefaultNetworks
  - name: AwsAccounts
  - name: ApiKeys
  - name: ExecutionEnvironments
  - name: ModuleDefinitions
  - name: ModuleVersions
  - name: ModuleInstances
  - name: DefaultValueDefinitions
  - name: DefaultValues
  - name: CodeSources
  - name: Github
  - name: Gitlab
  - name: Git
  - name: Values
  - name: Deployments
  - name: DeploymentResources
  - name: InfrastructureEvents
  - name: WebSocket
  - name: Describe
paths:
  /oauth/device/approve:
    post:
      tags:
        - OAuth
      summary: OAuth 2.0 device authorization approval
      description: >-
        Records a logged-in user's approve/deny decision for a pending device
        authorization request. Cookie-authenticated only (mirrors
        /oauth/authorize): a Bearer credential cannot approve a device grant on
        the user's behalf.
      operationId: OAuthDeviceApprove
      requestBody:
        content:
          application/json:
            schema:
              additionalProperties: false
              properties:
                data:
                  $ref: '#/components/schemas/OAuth.DeviceApproveRequest'
              required:
                - data
              type: object
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                additionalProperties: false
                properties:
                  data:
                    $ref: '#/components/schemas/OAuth.DeviceApproveResponse'
                required:
                  - data
                type: object
          description: The request has succeeded.
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Errors.UserFacingErrorData'
          description: The request is invalid or malformed.
        '401':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Errors.UserFacingErrorData'
          description: You are not authenticated
        '403':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Errors.UserFacingErrorData'
          description: You do not have permission to access this resource.
        '422':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Errors.UserFacingErrorData'
          description: Client error
        '500':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Errors.UserFacingErrorData'
          description: Server error
components:
  schemas:
    OAuth.DeviceApproveRequest:
      additionalProperties: false
      description: >-
        Device approval request body. The browser /oauth/device page posts the
        user-entered code and the user's decision after they sign in.
      properties:
        approved:
          description: true to grant the CLI access, false to deny.
          type: boolean
        user_code:
          description: >-
            The user_code displayed by the CLI. Accepts the grouped (XXXX-XXXX)
            or bare form; case-insensitive.
          type: string
      required:
        - user_code
        - approved
      type: object
    OAuth.DeviceApproveResponse:
      additionalProperties: false
      description: Device approval response.
      properties:
        approved:
          description: Echoes the recorded decision.
          type: boolean
      required:
        - approved
      type: object
    Errors.UserFacingErrorData:
      additionalProperties: false
      description: |-
        User-facing error presentation data.
        This is what the API returns to the frontend after formatting ErrorData
        using CEL templates from the error registry.

        Used for both:
        - Error fields on domain models (e.g., PipelineRun.error)
        - API error response bodies (HTTP 4xx/5xx responses)
      properties:
        action:
          allOf:
            - $ref: '#/components/schemas/Errors.Action'
          description: Optional action to help resolve the error
        code:
          description: Full error code, e.g., "Ravion:Pipeline:NOT_FOUND"
          type: string
        description:
          description: Additional description with more details
          type: string
        details:
          description: Structured details rendered as user-facing sections.
          items:
            $ref: '#/components/schemas/Errors.UserFacingErrorDetailSection'
          type: array
        isInternal:
          description: >-
            Indicates whether this error is internal (only set when
            ShowInternal=true).

            This allows SUPERADMINs to identify internal errors while viewing
            full details.
          type: boolean
        message:
          description: Main error message (required)
          type: string
        metadata:
          additionalProperties: {}
          description: >-
            Error params/metadata. Stripped for internal errors unless
            superadmin.
          type: object
        requestId:
          description: Request ID for correlating errors with server logs.
          type: string
      required:
        - code
        - message
      type: object
    Errors.Action:
      additionalProperties: false
      description: Action to help user resolve the error
      properties:
        label:
          description: Button/link label text
          type: string
        url:
          description: URL to navigate to for resolution
          type: string
      required:
        - label
        - url
      type: object
    Errors.UserFacingErrorDetailSection:
      additionalProperties: false
      description: Structured user-facing error detail section.
      properties:
        items:
          description: List of detail values for this section.
          items:
            type: string
          type: array
        object:
          additionalProperties: {}
          description: Structured detail payload for object rendering.
          type: object
        render:
          description: Rendering hint for clients. Valid values are list or object.
          type: string
        title:
          description: Detail section title shown in the UI.
          type: string
      required:
        - title
        - render
      type: object
  securitySchemes:
    BearerAuth:
      scheme: Bearer
      type: http

````