fix: code samples

Author: DaveOrDead

src/content/docs/authenticate/device-authorization-flow/api-calls.mdx

@@ -64,23 +64,32 @@ curl -X GET https://<your-subdomain>.kinde.com/oauth2/v2/user_profile \
 You can also validate tokens in your own API by verifying the JWT signature and claims:
 
 ```javascript
-// Node.js example using jsonwebtoken
-const jwt = require("jsonwebtoken");
-
-function validateToken(token) {
-  try {
-    const decoded = jwt.verify(token, "YOUR_JWT_SECRET");
-    return {
-      valid: true,
-      user: decoded
-    };
-  } catch (error) {
-    return {
-      valid: false,
-      error: error.message
-    };
-  }
-}
++// Node.js example using jsonwebtoken with JWKS
++const jwt = require("jsonwebtoken");
++const jwksClient = require("jwks-rsa");
++
++const client = jwksClient({
++  jwksUri: "https://<your-subdomain>.kinde.com/.well-known/jwks"
++});
++
++function getKey(header, callback) {
++  client.getSigningKey(header.kid, (err, key) => {
++    const signingKey = key.publicKey || key.rsaPublicKey;
++    callback(null, signingKey);
++  });
++}
++
++function validateToken(token) {
++  return new Promise((resolve, reject) => {
++    jwt.verify(token, getKey, { algorithms: ["RS256"] }, (err, decoded) => {
++      if (err) {
++        resolve({ valid: false, error: err.message });
++      } else {
++        resolve({ valid: true, user: decoded });
++      }
++    });
++  });
++}
 ```
 
 ## Scope enforcement for device authorization

src/content/docs/authenticate/device-authorization-flow/overview.mdx

@@ -31,7 +31,6 @@ Kinde's device authorization flow adheres to `RFC 8628`, also known as the OAuth
 
 **Parameters**:
 
-- `grant_type`: `urn:ietf:params:oauth:grant-type:device_code`
 - `client_id` (optional): Your application's client ID - can be omitted if you have set an application as the default for device flows
 - `audience` (optional): The audience to use for the request
 
@@ -69,12 +68,12 @@ Kinde's device authorization flow adheres to `RFC 8628`, also known as the OAuth
 {
   "access_token": "eyJ...",
   "expires_in": 86400,
-  "scope": "", 
+  "scope": "",
   "token_type": "bearer"
 }
 ```
-The scope field may be empty because granted scopes are carried in the access token’s scope claim.
 
+The scope field may be empty because granted scopes are carried in the access token’s scope claim.
 
 **Example error response**:
 
@@ -109,12 +108,12 @@ The device must poll the token endpoint at regular intervals until the user comp
 - **Verification URI**: Users should verify they're on the correct domain.
 - **Token expiration**: Access tokens expire after 1 hour by default.
 
-## Specifying an audience in a device authorization request 
+## Specifying an audience in a device authorization request
 
 If an `audience` is specified in the request, the access token will include the audience in the `aud` claim. Kinde supports requesting multiple audiences.
 
 The API must be authorized for the device authorization application.
 
-## Scopes and permissions for a device authorization request 
+## Scopes and permissions for a device authorization request
 
 If an audience is specified in the request, any scopes which are belong to that audience that are granted to the user by their role will also be granted to the device. The list of scopes will be displayed on the consent screen. If the user consents, the scopes will be included in the `scope` claim of the access token.

src/content/docs/authenticate/device-authorization-flow/quick-start.mdx

@@ -38,8 +38,7 @@ Request a device code from Kinde's authorization endpoint:
 ```bash
 curl -X POST https://<your-subdomain>.kinde.com/oauth2/device/auth \
   -H "Content-Type: application/x-www-form-urlencoded" \
-  -d "client_id=<YOUR_CLIENT_ID>" \
-  -d "grant_type=urn:ietf:params:oauth:grant-type:device_code"
+  -d "client_id=<YOUR_CLIENT_ID>"
 ```
 
 The response will include a `device_code`, `user_code`, and `verification_uri`: