Provisioning of access credentials using device codes

What is claimed: 1. A method comprising: receiving, by a provisioning server computer, a provisioning request message; receiving, by the provisioning server computer, an authorization code, the authorization code generated using at least a device code associated with a mobile device, wherein the device code is derived from a device identifier that specifically identifies the mobile device; validating, by the provisioning server computer, the authorization code; and responsive to validating the authorization code, provisioning, by the provisioning server computer, an access credential to the mobile device, wherein the authorization code is derived from the device code and the access credential. 2. The method of claim 1 , wherein the provisioning request message is received from the mobile device. 3. The method of claim 1 , wherein the provisioning request message is received from the mobile device via an intermediate server computer. 4. The method of claim 1 , wherein the access credential is configured to gain access to a location. 5. The method of claim 1 , wherein the provisioning request message comprises an account identifier. 6. The method of claim 1 , wherein the mobile device is a smartphone. 7. The method of claim 1 , further comprising: transmitting, by a communication device to an authorization computer, the device code; and receiving, by the communication device, the authorization code. 8. The method of claim 7 , wherein the communication device is a laptop computer, and the mobile device is a mobile phone. 9. The method of claim 1 , wherein the authorization code is generated by an authorization computer using a cryptographic key that is shared with the provisioning server computer. 10. The method of claim 1 , wherein the authorization code is formed from the device code, the access credential, a shared secret, and a salt. 11. The method of claim 1 , wherein the provisioning request message is a token request message. 12. The method of claim 1 , wherein the access credential comprises a token. 13. The method of claim 1 , further comprising: transmitting, by the provisioning server computer, the device code to the mobile device. 14. The method of claim 1 , further comprising: determining, by the provisioning server computer, a risk associated with provisioning the access credential to the mobile device. 15. A provisioning server computer comprising: a processor; and a computer readable medium, the computer readable medium comprising code, executable by the processor to implement actions including: receiving a provisioning request message; receiving an authorization code, the authorization code generated using at least a device code associated with a mobile device, wherein the device code is derived from a device identifier that specifically identifies the mobile device; validating the authorization code; and responsive to validating the authorization code, provisioning, an access credential to the mobile device, wherein the authorization code is derived from the device code and the access credential. 16. The provisioning server computer of claim 15 , wherein the actions further comprise: transmitting, by the provisioning server computer, the device code to the mobile device. 17. The provisioning server computer of claim 15 , wherein the actions further comprise determining, by the provisioning server computer, a risk associated with provisioning the access credential to the mobile device.