Generate device token via third party app

Is user authenticated on a third-party app using Pantaris IAM unable to generate device accesstoken?
User is OWNER of the Pantaris project, and other api calls seem to work, but i get a 403 on the /devices/{id}/refresh-accesstoken route.
Or is this something that i have to configure via the Permissions integration or via an app manifest?

Hi @daniel.v.sam ,

The available permission set of the OWNER is downgraded to the role of the application (Member) to prevent privilege escalation. Members are not allowed to generate device tokens. In order to get a token, the app needs to have the permission as well. The current published implementation of the Third party IAM does not provide an option similar to the manifest yet, which is required for it.

is this feature already planned for thirdparty IAM or to be requested via ticket?

Aligning the feature set of those two app types is already tracked