Querying Refresh Tokens Via the Management API

Problem statement

When calling the device-credentials endpoint, refresh tokens are not returned; the response is an empty list. The refresh tokens can be seen in the user profile dashboard. Is there an issue with this endpoint, and is it possible to see the refresh tokens associated with a given user_id?

Below is a sample request being used:

curl -H "Authorization: Bearer <TOKEN>" \
  "https://tenant.us.auth0.com/api/v2/device-credentials?user_id=<user_id>&client_id=<client_id>&type=refresh_token"

Symptoms

  • Getting back an empty array when hitting the /api/v2/device-credentials/{id} route for a particular user
  • Without the list of tokens, refresh token (RT) revocation cannot proceed

Cause

This was due to specifying the wrong value for the parameter ‘type’ in the device-credentials API call. The options are ‘refresh_token’ and ‘rotating_refresh_token’.

Solution

Review the API request being made and confirm the correct ‘type’ is being specified. For example, to see rotating refresh tokens (RTR) related to a given user the following request would be made:

curl -H "Authorization: Bearer <TOKEN>" \
  "https://tenant.us.auth0.com/api/v2/device-credentials?user_id=<user_id>&client_id=<client_id>&type=rotating_refresh_token"
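
When the token type in use for an application is not known in advance, a revocation workflow can query both 'type' values so that an empty list for one type is not mistaken for "no refresh tokens". The following is an added example, not part of the original article or Auth0's own code; the function names are hypothetical, and the user ID, client ID and record ID in the stub are constructed sample values.

```python
import json
import urllib.parse
import urllib.request

# The two values the article lists for the 'type' parameter.
TOKEN_TYPES = ("refresh_token", "rotating_refresh_token")


def build_url(domain, user_id, client_id, token_type):
    """Build the device-credentials query URL, percent-encoding each value
    (user IDs such as 'auth0|...' contain characters that must be encoded)."""
    query = urllib.parse.urlencode(
        {"user_id": user_id, "client_id": client_id, "type": token_type}
    )
    return f"https://{domain}/api/v2/device-credentials?{query}"


def http_get_json(url, token):
    """Default fetcher: GET with a Management API bearer token."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def list_refresh_credentials(domain, user_id, client_id, token, fetch=http_get_json):
    """Query every token type and return {type: [records]}.

    An empty list for one type does not mean the user has no refresh
    tokens; the other type still has to be checked.
    """
    results = {}
    for token_type in TOKEN_TYPES:
        body = fetch(build_url(domain, user_id, client_id, token_type), token)
        if not isinstance(body, list):
            raise ValueError(f"unexpected response for type={token_type}: {body!r}")
        results[token_type] = body
    return results


if __name__ == "__main__":
    # Constructed stub standing in for the tenant: this user only has rotating tokens.
    def fake_fetch(url, token):
        qs = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
        return [{"id": "constructed-id-1"}] if qs["type"] == ["rotating_refresh_token"] else []

    found = list_refresh_credentials(
        "tenant.us.auth0.com", "auth0|constructed-user", "constructed-client", "<TOKEN>", fake_fetch
    )
    for token_type, records in found.items():
        print(token_type, len(records))
```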