Greetings!
I'm struggling to find out how can I revoke access/refresh token within the web application that gained them. Is this possible to achieve? Is there some revoke endpoint?
Greetings!
I'm struggling to find out how can I revoke access/refresh token within the web application that gained them. Is this possible to achieve? Is there some revoke endpoint?
Hi @AndriiMaslov-1341 · Thank you for reaching out.
You can make below calls to invalidate Refresh Tokens and SignIn Sessions.
POST https://graph.microsoft.com/v1.0/users/object_id_or_userPrincipalName/invalidateAllRefreshTokens
POST https://graph.microsoft.com/v1.0/users/object_id_or_userPrincipalName/revokeSignInSessions
For required graph permissions and more details please refer to:
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
@amanpreetsingh-msft I don't think any of these 2 endpoints can revoke access token. I tried locally. Even though I send request to https://graph.microsoft.com/v1.0/me/revokeSignInSessions endpoint, I can still use old access token to visit https://graph.microsoft.com/v1.0/me
Is there an api endpoint we can call to revoke access token? I found in this thread https://github.com/MicrosoftDocs/azure-docs/issues/12717 that this was unavailable in 2018. What about now?
4 people are following this question.