Issues with Revoke User Session Using Graph API

itay4 61 Reputation points
2025-02-09T10:21:08.1466667+00:00

I am using the Microsoft Graph API to revoke a user session. According to the documentation, the User.RevokeSessions.All (Delegated) permission is required. I have also added the following permissions:

  • User.ReadWrite.All (Delegated)
  • Directory.AccessAsUser.All (Delegated)
  • Directory.ReadWrite.All (Delegated)

API Request:

I am using the following API request:

curl -X POST https://graph.microsoft.com/v1.0/users/<USER_EMAIL>/revokeSignInSessions \
-H "Accept: application/json" \
-H "Authorization: Bearer <XX_REPLACED>" \
-H "Content-Type: application/json" \
-H "Content-length: 127"

Issue:

When I use a token generated with the admin's authorization code, the request is successful. However, when using a token generated by a non-admin user, I receive an HTTP 403 Unauthorised response.

Error in API call [403] - Forbidden {"error": {"code": "Authorization_RequestDenied", "message": "Insufficient privileges to complete the operation.", "innerError": {"date": "2025-02-09T09:09:30", "request-id": "dummy-id", "client-request-id": "dummy-id"}}}

Question:

I do not see anything in the documentation indicating that only administrators can execute this API request. Am I missing something? Why do non-admin users get an HTTP 403 Unauthorized response?


Answer accepted by question author

Anonymous
2025-02-10T01:46:18.89+00:00

Hello itay4,

Thank you for reaching out to Microsoft Support!

For Revoke User Session, when you use a non-administrator account, you can only revoke sign-in sessions through the POST /me/revokeSignInSessions endpoint, according to the documentation.

However, for other users, as Andy David - MVP said, you need the administrator role, for security reasons, to revoke sign-in sessions through the POST /users/{id | userPrincipalName}/revokeSignInSessions endpoint.

The official documents may not clearly express this; we are very sorry for the trouble caused to you.

Hope this helps.

If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.
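
The endpoint choice described in the accepted answer, as an added example that is not part of the thread or of Microsoft's documentation: it uses /me/revokeSignInSessions when the target is the signed-in user, /users/{userPrincipalName}/revokeSignInSessions otherwise, and turns the 403 from the question into a readable reason. The function names and the assumption that the caller already knows the signed-in user's UPN are hypothetical.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample: the 403 body quoted in the question (ids are the post's dummies).
SAMPLE_403 = ('{"error": {"code": "Authorization_RequestDenied", '
              '"message": "Insufficient privileges to complete the operation.", '
              '"innerError": {"request-id": "dummy-id"}}}')


def revoke_url(signed_in_upn: str, target_upn: str) -> str:
    """Use /me for the caller's own sessions, /users/{upn} for anyone else."""
    if signed_in_upn.casefold() == target_upn.casefold():
        return f"{GRAPH}/me/revokeSignInSessions"
    # Percent-encode the UPN so characters such as '#' survive in the path.
    upn = urllib.parse.quote(target_upn, safe="@")
    return f"{GRAPH}/users/{upn}/revokeSignInSessions"


def classify_failure(status: int, body: str) -> str:
    """Map a Graph error response to a short, actionable reason."""
    try:
        code = json.loads(body)["error"]["code"]
    except (ValueError, KeyError, TypeError):
        code = ""
    if status == 403 and code == "Authorization_RequestDenied":
        return "caller lacks the administrator role needed for another user"
    if status == 401:
        return "token missing, expired or invalid"
    return f"unexpected error {status} {code}".strip()


def revoke_sessions(token: str, signed_in_upn: str, target_upn: str) -> dict:
    """POST with an empty body; raise PermissionError with the reason on failure."""
    req = urllib.request.Request(
        revoke_url(signed_in_upn, target_upn), data=b"", method="POST",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        reason = classify_failure(err.code, err.read().decode("utf-8", "replace"))
        raise PermissionError(reason) from err
```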


1 additional answer

  1. Andy David - MVP 160.3K Reputation points MVP Volunteer Moderator
    2025-02-09T15:22:12.74+00:00