Hi @AD Dev • Thank you for reaching out.
Yes, revoking OAuth permissions will revoke the permissions for other applications as well. Similarly, you cannot revoke refresh tokens for a specific app. There is no option to invalidate Access token for active users.
Best I can think of, in this scenario is, using Sign-in frequency, which can be configured by using sessions control option in Conditional Access policy. Sign-in frequency setting works with apps that have implemented OAUTH2 or OIDC protocols according to the standards. By using Sign-in frequency, you can define the time period at the expiry of which, user(s) have to sign in again when attempting to access a resource. E.g. if you have configured sign-in frequency to 30 minutes, users who are under the scope of the policy will be required to sign-in after every 30 minutes to the application(s) included to the policy.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.