This article addresses an issue where the device-credentials endpoint returns an empty list instead of refresh tokens. The user attempts to retrieve refresh tokens associated with a given user ID.

The symptom experienced is receiving an empty array when making a request to the /api/v2/device-credentials endpoint.

Below is a sample request being used:

curl -H "Authorization: Bearer <TOKEN>
"https://tenant.us.auth0.com/api/v2/device-credentials?user_id=<user_id>&client_id=<client_id>&type=refresh_token"

• Auth0 Management API

• Calling the /api/v2/device-credentials endpoint

• Retrieval of refresh tokens

Review the API request and confirm the correct type parameter is being specified.

For example, to retrieve rotating refresh tokens (RTR) related to a user, the following request is made: 

curl -H "Authorization: Bearer <TOKEN>
"https://tenant.us.auth0.com/api/v2/device-credentials?user_id=<user_id>&client_id=<client_id>&type=rotating_refresh_token"