Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Managing external identities to enable secure access for partners, customers, and other non-employees
Unable to invalidate refresh token Azure AD B2C
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 91%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETT%3C/text%3E%3C/svg%3E)
Tanja Tica
0
Reputation points
We use a Python CLI application and we want to invalidate the refresh token after the logout. We have tried to use InvalidateAllRefreshTokens method from the Microsoft Graph API. We get 200 responses instead of 204, as it is stated in the official documentation, but nothing happens, the refresh token is still valid.
In the registration of the B2C application, we gave permission to the User for the Graph API.ReadWriteAll and Directory. ReadWriteAll are we missing something?
Do you have any suggestions for this issue? We want to prevent the user from using the token to access our protected API's after the logout.
Microsoft Security | Microsoft Entra | Microsoft Entra External ID
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Sandeep G-MSFT 21,131 Reputation points Microsoft Employee Moderator2024-07-22T10:30:13.28+00:00 Thank you for posting this in Microsoft Q&A.
I am looking into this issue and will get back to you post my research.
Sign in to comment
Sign in to answer