How to revoke token

Xu, Kyson K 156 Reputation points
2021-12-22T06:43:08.06+00:00

After I get the token value, what method can I use to cancel the token and invalidate the token, because before the token expires, it is possible to call our application interface through postman, but this situation should be prohibited

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,421 questions
0 comments No comments
{count} vote

Accepted answer
  1. AmanpreetSingh-MSFT 56,686 Reputation points
    2021-12-22T07:10:52.3+00:00

    Hi @Xu, Kyson K • Thank you for reaching out.

    You can use the below graph call to revoke the Refresh token:

    To revoke the refresh token of the signed-in user:

    To revoke the refresh token of another user:

    Alternatively, you can use below PowerShell cmdlets as well:

    Note: You cannot revoke access tokens. Access tokens are short-lived and by default valid for 1 hour. However, when the refresh tokens are revoked, the application will not be able to redeem the refresh tokens (long-lived tokens) to acquire new access tokens.

    You may also consider setting access token lifetime to a lower value than 1 hour (minimum supported value is 10 minutes and the maximum is 1 day). Refer to: https://learn.microsoft.com/en-us/azure/active-directory/develop/configure-token-lifetimes.

    Read more: Access token lifetime

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


1 additional answer

Sort by: Most helpful
  1. Andi Jones 1 Reputation point
    2021-12-22T07:31:02.917+00:00

    To revoke a refresh token, send a post request to your domain. The /oauth/revoke endpoint revokes the entire grant, not just a specific token. Use the /api/v2/device-credentials endpoint to revoke refresh tokens.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.