Microsoft Graph, revoking user's sign in sessions, returns InvalidAuthenticationToken error

Angel Fontalvo Avila 20 Reputation points
2023-08-30T18:55:41.1066667+00:00

I'm attempting to revoke a user's sign in sessions, however I keep receiving a 401 unauthorize error.

Here is my code snippet:

async revokeSignInSessions(targetUser, accessToken) {
    const query = `/users/${targetUser.id}/revokeSignInSessions`;

    await azure.graph.post(query, {
        headers: {
            'Authorization': 'Bearer ' + accessToken
        }
    });

    return 'success'; 
}

I receive the following error:

error: {
	code: 'InvalidAuthenticationToken',
	message: 'Access token is empty.'
}

If I place a debugging stop point, I can see that the access token contains a token value.

The Microsoft Graph API App has been granted the following permissions: User's image

Thank you in advance for your time and attention

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,448 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Andy David - MVP 140.8K Reputation points MVP
    2023-08-30T20:41:35.1966667+00:00

    Try adding the app to the 'Authentication Administrator" Azure AD role or "Privileged Authentication Administrator" and then try again.


  2. Angel Fontalvo Avila 20 Reputation points
    2023-09-06T16:07:24.51+00:00

    The issue was due to the syntax of the post request. It apparently required a body, even if empty. After including an empty body in the request, I was able to perform the operation successfully.

        await azure.graph.post(query, {}, {
            headers: {
                'Authorization': 'Bearer ' + accessToken
            }
        });
    
    0 comments No comments