Regenerating Registration Access Token for a public client


Securing Applications and Services Guide it is mentioned that Registration Access Tokens can be regenerated if the most recent one is lost. However, it does not mention how to do this. The only way I’ve found so far is through use of the Admin console.
When using the admin console, one is able to create a new Registration Access Token through the Credentials tab of a client. However, if the client is set to Public, the Credentials tab is hidden. Unless I’m missing something, a public client still requires a Registration Access Token if it is to be modified by a user lacking the manage-clients-permission.
This leads me to my questions:

  1. How can an admin regenerate a Registration Access Token through the UI without having to temporarily switch a public client to confidential/bearer-only?
  2. Is there an API admins or users can use to obtain a new Registration Access Token?