Hi @James Froud
Thanks for reaching out.
I understand you are trying to allow the user to revoke/remove consent.
How can I allow the user to revoke/remove consent?
To allow users to revoke/remove consent, you can use the Microsoft Graph API to revoke the user's tokens. Specifically, you can use the revokeSignInSessions method to revoke all refresh tokens and end all sessions for the user.
To revoke the refresh token of the signed-in user:
POST https://graph.microsoft.com/v1.0/me/revokeSignInSessions
To revoke the refresh token of another user:
POST https://graph.microsoft.com/v1.0/users/object_id_or_upn_of_user/revokeSignInSessions
To use this method, you will need to have the User.ReadWrite.All permission. This permission allows your application to revoke sign-in sessions for the signed-in user.
This will only revoke the refresh token. Access tokens cannot be revoked and automatically expire after 1 hour.
Reference: https://learn.microsoft.com/en-us/graph/api/user-revokesigninsessions?view=graph-rest-1.0&tabs=http
Also I can't seem to navigate through Azure AD to find a way to see what users have consented to do or perhaps I cannot?
To see what users have consented to, you can use the Microsoft Graph API to retrieve a list of users who have granted consent to your application. Specifically, you can use the List method of the oauth2PermissionGrants resource type to retrieve a list of all the OAuth 2.0 permission grants that have been given to your application.
To use this method, you will need to have the User.ReadBasic.All least privilege permission.
GET https://graph.microsoft.com/v1.0/users/<userid>/oauth2PermissionGrants
You can also go to Identity->Enterprise Application->Select your application->Select Permissions and go to user consent to see all the permissions assigned to the user.
Also, if you are looking to revoke the application permission that has been granted for the entire organization through admin consent, you can refer to https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/manage-application-permissions?pivots=portal#review-and-revoke-permissions
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if the answer helped you.
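Added example (not part of the answer above, and not Microsoft's code): a Python sketch that parses an oauth2PermissionGrants list response to show what one user consented to per application, then builds the Graph requests to remove that consent and end the user's sessions. The sample response, the IDs, and the function names are constructed for illustration; the DELETE on oauth2PermissionGrants/{id} is the Graph operation for removing a delegated grant and is not mentioned in the answer.

```python
import json
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample in the shape of an oauth2PermissionGrants list response.
SAMPLE_RESPONSE = json.dumps({"value": [
    {"id": "grant-0001", "clientId": "sp-app-A", "consentType": "Principal",
     "principalId": "user-1111", "resourceId": "sp-graph",
     "scope": "User.Read Mail.Read"},
    {"id": "grant-0002", "clientId": "sp-app-B", "consentType": "Principal",
     "principalId": "user-1111", "resourceId": "sp-graph",
     "scope": " Files.Read.All offline_access"},
    # Tenant-wide admin consent: not something the user granted.
    {"id": "grant-0003", "clientId": "sp-app-A", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph", "scope": "User.Read"},
]})

def user_consents(response_body, user_id):
    """Map clientId -> grant ids and scopes for grants this user consented to."""
    out = {}
    for grant in json.loads(response_body).get("value", []):
        if grant.get("consentType") != "Principal":
            continue  # skip admin consent (AllPrincipals)
        if grant.get("principalId") != user_id:
            continue
        entry = out.setdefault(grant["clientId"], {"grant_ids": [], "scopes": set()})
        entry["grant_ids"].append(grant["id"])
        entry["scopes"].update((grant.get("scope") or "").split())
    return {client: {"grant_ids": e["grant_ids"], "scopes": sorted(e["scopes"])}
            for client, e in out.items()}

def revocation_plan(response_body, user_id, client_id):
    """Requests that remove the user's consent for one app, then end sessions."""
    grant_ids = user_consents(response_body, user_id).get(client_id, {}).get("grant_ids", [])
    plan = [("DELETE", f"{GRAPH}/oauth2PermissionGrants/{quote(gid, safe='')}")
            for gid in grant_ids]
    if plan:
        # Invalidates refresh tokens for every app the user is signed in to,
        # not only client_id; already-issued access tokens run to expiry.
        plan.append(("POST", f"{GRAPH}/users/{quote(user_id, safe='')}/revokeSignInSessions"))
    return plan

if __name__ == "__main__":
    for method, url in revocation_plan(SAMPLE_RESPONSE, "user-1111", "sp-app-A"):
        print(method, url)
```

The plan is only a list of (method, URL) pairs; sending them requires an access token with the appropriate Graph permissions.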