Problem statement
When calling the device-credentials endpoint, no refresh tokens are returned; the response is an empty list. The refresh tokens can be seen in the user profile dashboard. Is there an issue with this endpoint, and is it possible to see the refresh tokens associated with a given user_id?
Below is a sample request being used:
curl -H "Authorization: Bearer <TOKEN>" \
  "https://tenant.us.auth0.com/api/v2/device-credentials?user_id=<user_id>&client_id=<client_id>&type=refresh_token"
Symptoms
- Getting back an empty array when hitting the /api/v2/device-credentials/{id} route for a particular user
- Without this list, refresh token (RT) revocation cannot continue
Cause
This was due to specifying the wrong value for the parameter ‘type’ in the device-credentials API call. The options are ‘refresh_token’ and ‘rotating_refresh_token’.
Solution
Review the API request being made and confirm the correct ‘type’ is being specified. For example, to see rotating refresh tokens (RTR) related to a given user, the following request would be made:
curl -H "Authorization: Bearer <TOKEN>" \
  "https://tenant.us.auth0.com/api/v2/device-credentials?user_id=<user_id>&client_id=<client_id>&type=rotating_refresh_token"