When you omit user_code parameter on device code flow you get a http 400 with the following error description.
400 would seem correct, but internal server error message could be improved.
Steps to reproduce:
1) Set up oauth client and service.
2) Get device code
call device/user with user_code=
DeviceCodeVerificationResource calls tokenStore.readDeviceCode with empty code and a
ServerException is thrown.
Just need to check for presence of device code and throw bad request/missing param exception.