Invalidate a specific token from an application instead of all the tokens in MS GraphAPI?

Raja R 36 Reputation points

Hi All,

I've a scenario where in my application uses MS GraphAPI for authentication and authorizing a user with his MS credentials.

Once the user login to the application we get the token but once the user logout the application I would need to invalidate that token alone(which he got it from login).
Is this possible to invalidate only one token in MS GraphAPI?

Thanks in advance.

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
37,182 questions
{count} votes

Accepted answer
  1. CarlZhao-MSFT 39,101 Reputation points

    Hi @Raja R

    The access tokens in the ms graph API are not associated, and the invalidation of one token will not cause the invalidation of another token. The invalidate of the access token is only related to its lifetime, and the default lifetime is 1 hour. Note that even if the user logs out the application, the access token will not invalidate immediately, it can still call the graph api and will expire automatically after 1 hour.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 additional answers

Sort by: Most helpful