Failing to call GET /api/v2/device-credentials endpoint

I’m trying to revoke a refresh token with the Management API as described in the document.

However, when I run a curl command as follows, it fails with the errorCode “insufficient_scope”:

$ curl --header "Authorization: Bearer $TOKEN" \
       --data '{"user_id": "auth0|xxx", "type": "refresh_token", "client_id": "xxx" }' \
     https://xxx.us.auth0.com/api/v2/device-credentials

{"statusCode":403,"error":"Forbidden","message":"Insufficient scope, expected any of: create:current_user_device_credentials","errorCode":"insufficient_scope"}

Based on the document, it seems the API just needs read:device_credentials scope, but the error message is saying create:current_user_device_credentials is needed. Which one is correct?

By the way, I get the Bearer token with the following Node.js code:

const ManagementClient = require("auth0")
const auth0 = new ManagementClient.ManagementClient(
  {
    domain: ...,
    clientId: '...',
    clientSecret: '...',
    scope: 'create:users read:users update:users read:device_credentials'
  }
)

auth0.getAccessToken();

When I add the “create:current_user_device_credentials” to the scope of the ManagementClient constructor, I get an error that says:

{"error":"access_denied","error_description":"Client has not been granted scopes: create:current_user_device_credentials"}

Where can I set the scope appropriately?

Thanks,

Hi @yasunori.mahata,

Welcome to the Auth0 Community!

It looks like you are trying to send a POST request (you are using the --data flag) when you should be sending a GET request.


Hi @dan.woda, thanks for your support!

Yeah, it was caused by my stupid mistake :man_facepalming: Just for the record, the following one worked as expected:

$ curl --request GET --header "Authorization: Bearer $TOKEN" "https://xxx.us.auth0.com/api/v2/device-credentials?type=refresh_token&client_id=xxx&user_id=auth0%7Cxxx"

Thanks for posting your update! Glad you got it resolved :grinning_face_with_smiling_eyes:
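
Added example, not part of the thread or of Auth0's code: a Node.js pre-flight check that maps the HTTP method to the scope named in the thread, reads the scopes carried by the access token, and builds the GET URL with `user_id` percent-encoded. It assumes the token is a JWT with a space-delimited `scope` claim; the helper names and the unsigned sample token are constructed for illustration.

```javascript
// Scope per method: POST is taken from the thread's error message,
// GET from the documented scope the original poster cites.
const REQUIRED_SCOPE = {
  GET: 'read:device_credentials',
  POST: 'create:current_user_device_credentials',
};

// Decode the payload of a JWT access token and return its scopes.
// Diagnostic only: the signature is NOT verified here.
function tokenScopes(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const payload = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  return new Set(String(payload.scope || '').split(/\s+/).filter(Boolean));
}

// Report which scope a request needs and whether the token carries it.
function preflight(method, jwt) {
  const needed = REQUIRED_SCOPE[method.toUpperCase()];
  if (!needed) throw new Error(`no scope mapping for ${method}`);
  return { needed, ok: tokenScopes(jwt).has(needed) };
}

// Build the GET URL; URLSearchParams encodes the "|" in user_id as %7C.
function buildListUrl(domain, { userId, clientId, type = 'refresh_token' }) {
  const url = new URL(`https://${domain}/api/v2/device-credentials`);
  url.search = new URLSearchParams(
    { type, client_id: clientId, user_id: userId }).toString();
  return url.toString();
}

// Constructed sample token with a placeholder signature (hypothetical helper).
function sampleToken(scope) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc({ scope })}.placeholder`;
}

const token = sampleToken(
  'create:users read:users update:users read:device_credentials');
console.log(preflight('GET', token));   // scope present for the GET call
console.log(preflight('POST', token));  // scope missing, as in the 403 above
console.log(buildListUrl('xxx.us.auth0.com',
  { userId: 'auth0|xxx', clientId: 'xxx' }));
```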
