Error revoking login session

Rodrigo Cardoso 0 Reputation points
2024-05-06T14:21:16.99+00:00

I am loggin using OAuth (Open Authorization) 2.0, and i want to log out directly in my background without use https://login.microsoftonline.com/common/oauth2/v2.0/logout

to do this log out i am using this endpoint:

curl --location --request POST 'https://graph.microsoft.com/v1.0/me/revokeSignInSessions' \
--header 'Authorization: Bearer <TOKEN>'

but i get this response:

[
  "error" => [
    "code" => "UnknownError"
    "message" => ""
    "innerError" => [
      "date" => "2024-05-06T13:50:53"
      "request-id" => "xxxxxxxx"
      "client-request-id" => "xxxxxxxxx"
    ]
  ]
]

How can I fix this or How can I log out of my microsoft account in OAuth 2.0 ?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,452 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. 2024-05-07T04:11:30.58+00:00

    /revokeSignInSessions will invalidate session cookies but won't end application sessions as will happen if you implement Single sign-out. You should be able to send a POST request to https://login.microsoftonline.com/common/oauth2/v2.0/logout including the logout_hint.

    Let me know if you need additional or more detailed guidance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.