How can users delete/reset OAuth credentials in a Declarative Agent?

DOI 5 Reputation points
2025-12-22T05:19:31.9233333+00:00

I'm developing a Declarative Agent using Microsoft 365 Agent Toolkit (Teams Toolkit) with an API Plugin that uses OAuth authentication.

Once a user has authenticated, is there a way for the end user to manually delete or reset their OAuth credentials?

Use cases:

  • User wants to re-authenticate with a different account
  • Need to restart the authentication flow from scratch for testing purposes

What I've tried:

  • Uninstalling the agent from Teams → Some users report that this clears the authentication, but in my environment the credentials persist even after uninstalling

I'd like to understand:

  1. What causes this difference in behavior (tenant settings, deployment method, etc.)?
  2. Is there an officially supported way for users to clear their OAuth credentials?

Environment:

  • Microsoft 365 Agent Toolkit (Teams Toolkit)
  • Declarative Agent + API Plugin (OAuth 2.0 authentication)

Any guidance would be appreciated. Thank you!

Microsoft Copilot | Microsoft 365 Copilot | Development

2 answers

  1. Sayali-MSFT 5,851 Reputation points Microsoft External Staff Moderator
    2025-12-22T12:22:15.64+00:00

    Hello DOI,
    Teams and Declarative Agents don’t provide a built-in way for users to manually clear stored OAuth credentials. Tokens are centrally managed by the Bot Framework Token Service and can persist even after app uninstall due to SSO caching, tenant settings, and client differences. The correct way to force re-authentication is to call SignOutUserAsync on the server to invalidate bot tokens, optionally combined with Microsoft Graph’s revokeSignInSessions or manual consent removal for a full reset. The recommended approach is to expose a “Log out / switch account” action that triggers these server-side sign-out flows, ensuring users are prompted to sign in again cleanly.

    Reference document:
    https://learn.microsoft.com/en-us/training/modules/copilot-declarative-agent-api-plugin-auth/

    1 person found this answer helpful.
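
The server-side sign-out described in the answer above, as an added example that is not part of the original answer or of Microsoft's sample code. It assumes a Bot Framework SDK (C#) bot running on CloudAdapter; the class name `SignOutBot`, the connection name `ApiPluginOAuth`, the "logout" command text and the `graphAccessToken` parameter are hypothetical.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Bot.Builder;
using Microsoft.Bot.Connector.Authentication;
using Microsoft.Bot.Schema;

// Hypothetical bot class; "ApiPluginOAuth" is an assumed OAuth connection name.
public class SignOutBot : ActivityHandler
{
    private const string ConnectionName = "ApiPluginOAuth"; // assumption
    private static readonly HttpClient Http = new HttpClient();

    protected override async Task OnMessageActivityAsync(
        ITurnContext<IMessageActivity> turnContext, CancellationToken ct)
    {
        var text = turnContext.Activity.Text?.Trim();
        if (!string.Equals(text, "logout", StringComparison.OrdinalIgnoreCase))
            return; // other messages are handled elsewhere in a real bot

        // Drop the token the Bot Framework Token Service holds for this user,
        // connection and channel, so the next protected call prompts sign-in.
        var tokenClient = turnContext.TurnState.Get<UserTokenClient>()
            ?? throw new InvalidOperationException("UserTokenClient not in TurnState.");
        await tokenClient.SignOutUserAsync(
            turnContext.Activity.From.Id, ConnectionName,
            turnContext.Activity.ChannelId, ct);
        await turnContext.SendActivityAsync(
            MessageFactory.Text("Signed out. Sign in again to switch accounts."), ct);
    }

    // Optional full reset through Microsoft Graph revokeSignInSessions.
    // graphAccessToken is obtained elsewhere (assumption) and must carry a
    // permission that allows this call for the target user.
    public static async Task<bool> RevokeSignInSessionsAsync(
        string userObjectId, string graphAccessToken, CancellationToken ct)
    {
        var url = "https://graph.microsoft.com/v1.0/users/"
                  + Uri.EscapeDataString(userObjectId) + "/revokeSignInSessions";
        using var request = new HttpRequestMessage(HttpMethod.Post, url);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", graphAccessToken);
        using var response = await Http.SendAsync(request, ct);
        return response.IsSuccessStatusCode;
    }
}
```

`revokeSignInSessions` invalidates the refresh tokens and browser session cookies issued for that user across all applications, so it is a much broader step than the per-connection sign-out.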

  2. AI answer

    2025-12-22T05:20:38.5833333+00:00

    Currently, the context does not provide specific guidance on how users can manually delete or reset their OAuth credentials in a Declarative Agent using the Microsoft 365 Agent Toolkit. However, here are some insights based on your queries:

    1. Difference in Behavior: The variation in behavior regarding credential persistence after uninstalling the agent may be influenced by tenant settings, deployment methods, or caching mechanisms used by Teams or the agent itself. Each environment can have different configurations that affect how authentication tokens are stored and managed.
    2. Officially Supported Method: There is no explicitly mentioned method in the provided context for users to clear their OAuth credentials. Typically, OAuth tokens are managed by the service provider and may require specific API calls to revoke or delete tokens if supported.

    For your use cases, you may want to explore the Microsoft Graph API or other relevant APIs that could allow you to manage OAuth tokens programmatically, or check the documentation for any updates regarding user credential management in the context of Microsoft 365 Agents.


    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.