Failing to call GET /api/v2/device-credentials endpoint

I’m trying to revoke a refresh token with the Management API as described in the document.

However, when I run a curl command as follows, it fails with the errorCode: “insufficient_scope”

$ curl --header "Authorization: Bearer $TOKEN" \
       --data '{"user_id": "auth0|xxx", "type": "refresh_token", "client_id": "xxx" }' \
     https://xxx.us.auth0.com/api/v2/device-credentials

{"statusCode":403,"error":"Forbidden","message":"Insufficient scope, expected any of: create:current_user_device_credentials","errorCode":"insufficient_scope"}

Based on the document, it seems the API just needs read:device_credentials scope, but the error message is saying create:current_user_device_credentials is needed. Which one is correct?

By the way, I get the Bearer token with the following Node.js code:

const ManagementClient = require("auth0")
const auth0 = new ManagementClient.ManagementClient(
  {
    domain: ...,
    clientId: '...',
    clientSecret: '...',
    scope: 'create:users read:users update:users read:device_credentials'
  }
)

auth0.getAccessToken();

When I add the “create:current_user_device_credentials” to the scope of the ManagementClient constructor, I get an error that says:

{"error":"access_denied","error_description":"Client has not been granted scopes: create:current_user_device_credentials"}

Where can I set the scope appropriately?

Thanks,

Hi @yasunori.mahata,

Welcome to the Auth0 Community!

It looks like you are trying to send a POST request (you are using the --data flag) when should be sending a GET request.

1 Like

Hi @dan.woda, thanks for your support!

Yeah, it was caused by my stupid mistake :man_facepalming: Just for the record, the following one worked as expected:

$ curl --request GET --header "Authorization: Bearer $TOKEN" "https://xxx.us.auth0.com/api/v2/device-credentials?type=refresh_token&client_id=xxx&user_id=auth0%7Cxxx"
1 Like

Thanks for posting your update! Glad you got it resolved :grinning_face_with_smiling_eyes: