we are not call /oauth/device would we need to? when in the flow would we need to do this? Dont see this in the documentation?
Hmmm. I think I must have been mistaken when I suggested that. I can't track down where I came up with that. My apologies.
I'm glad you found a solution.