Hi @Xu, Kyson K • Thank you for reaching out.
You can use the below graph call to revoke the Refresh token:
To revoke the refresh token of the signed-in user:
To revoke the refresh token of another user:
Alternatively, you can use below PowerShell cmdlets as well:
Note: You cannot revoke access tokens. Access tokens are short-lived and by default valid for 1 hour. However, when the refresh tokens are revoked, the application will not be able to redeem the refresh tokens (long-lived tokens) to acquire new access tokens.
You may also consider setting access token lifetime to a lower value than 1 hour (minimum supported value is 10 minutes and the maximum is 1 day). Refer to: https://learn.microsoft.com/en-us/azure/active-directory/develop/configure-token-lifetimes.
Read more: Access token lifetime
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.