Honestly your best source is going to be the underlying Repository Database. This, of course, is not ideal from the standpoint of supportability but so long as you are just reading the data then there is a very minor risk of complications.
Additionally the logs will contain the relevant information. Minimally you'd just need the Repository > System > License to show the license usage.
Edit: Do keep in mind that all of these methods will show who has used or has been assigned one. There's further complications when trying to compute who could access a token which would depend on the rules setup and would be quite complicated.