How do I revoke a Refresh Token who took my Minecraft account?

Jimmy Ma 0 Reputation points
2024-07-01T00:45:59.09+00:00

Hi, yesterday someone got access to my minecraft SSID. I looked up a bunch of posts on how long it would take before the refresh token expires but still don't fully understand how it works. I want to this person to no longer have access to my minecraft account. I read things about Azure AD, but I don't know what that is. I'm also unsure how to get my Minecraft SSID myself. Could someone be kind enough to help me?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,515 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Sandeep G-MSFT 16,691 Reputation points Microsoft Employee
    2024-07-01T12:03:25.3966667+00:00

    @Jimmy Ma

    Thank you for posting this in Microsoft Q&A.

    As I understand you want to revoke the access token that was issued to your account initially while accessing Minecrafe SSID>

    The default lifetime of an access token is variable. When issued, an access token's default lifetime is assigned a random value ranging between 60-90 minutes (75 minutes on average). The default lifetime also varies depending on the client application requesting the token or if Conditional Access is enabled in the tenant. If the authentication protocol allows, the app can silently reauthenticate the user by passing the refresh token to the Microsoft Entra ID when the access token expires.

    There is refresh token that is issue to user account also along with access token.

    When access token is expired, refresh token is given to identity provider to to get new access token and silent authentication takes place.

    In your situation you can revoke your refresh token for your account, and this will prompt for credentials once again when access token is expired instead of performing silent authentication.

    You can revoke refresh token using below PowerShell command,

    Revoke-AzureADUserAllRefreshToken -ObjectId "a1d91a49-70c6-4d1d-a80a-b74c820a9a33"

    https://learn.microsoft.com/en-us/powershell/module/azuread/revoke-azureaduserallrefreshtoken?view=azureadps-2.0

    You can also perform this using Microsoft Graph,

    POST https://graph.microsoft.com/{version}/users/{userobject_id}/invalidateAllRefreshToken`
    

    https://stackoverflow.com/questions/72645759/how-to-revoke-azure-ad-oauth-token

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.