I entered a strange state while experimenting with preauthorization and was hoping someone could confirm if this is intended behavior.
I had an already authorized device with one auth set and instead of decommissioning the device, I dismissed the one auth set which then removed the device from the device list. I just assumed that the device was automatically decommissioned since there were no more auth sets left, but I was wrong…
When I tried to preauthorize the device again I kept getting errors saying the device was already authed (409 return codes) but I couldn’t find any mention of it anywhere. Finally I thought maybe I should do an auth request to get it to pending state, accept it, then explicitly decommission it which did the trick and actually removed all device data from the server.
If this isn’t a bug, then at least there should be some reference to a device that still is tracked on the server even if it has no auth sets anymore.