Getting current user's Device Credentials IDs in SPA


I want to implement a use case where user can revoke Device Credentials he’s given to a CLI client. Even though this action is done over web application, I’d prefer not to give it general read:device_credentials, delete:user_credentails permissions, and use user’s access token instead, as it were a frontend application.

So during my Authorization Code flow I add appropriate audience and scope parameters to authorization request, I receive JWT Access token that backend can use to update user information over management API.

Per Get Management API Access Tokens for Single-Page Applications I can request delete:current_user_device_credentials, but how do I find out what the ID for delete request is when I cannot obtain read:current_user_device_credentials? What is the intended use of device credential management API without it?

1 Like