In Graph API, if a user grants permission for us to call Graph APIs on their behalf using the delegated OAuth (https://docs.microsoft.com/en-us/graph/auth-v2-user), is there a way that we can deactivate the tokens at a later point in time?
I see that there are Graph APIs that we can use to revoke permission grants: https://docs.microsoft.com/en-us/graph/api/resources/oauth2permissiongrant?view=graph-rest-1.0
But these require additional permissions, and would allow us to revoke other tokens, and have a lot more access than we need for our application. I'm wondering if there is a way that we can revoke only the access/refresh token that we received during delegated OAuth, without requiring any additional permission, and without the user having to do it on their side.
This would be useful, for example, if we no longer need access to the token and want to limit our attack surface, or, if the tokens were compromised, we wouldn't need to wait for the user to "sign out" of the tokens.