This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 67%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIK%3C/text%3E%3C/svg%3E)
Hi All,
I am using service to service authentication, I get the access token in my daemon service using OAuth 2.0 Client Credential flow using following end point
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Now my service wants to invalidate or logout the token how can I achieve this. Please help me on this. What is the token revoke end point? Is it possible if not please provide some feedback as I can get and revoke token with other CRM Platforms like Salesforce.
Regards,
IK
Dynamics 365 API tokens can be revoked by calling DELETE /login/refreshToken?refreshToken={refresh_token_value} HTTP/1.1
Example:
DELETE https://mrs.contoso.com/login/refreshToken?refreshToken=ScW2t HTTP/1.1
Also, visit the documentation page: deployr-api-docs
--please don't forget to upvote and Accept as answer if the reply is helpful--
I still did not get your point. I don't have refresh token, I only have access token.
As Microsoft Documentation indicates, 'Access tokens cannot be revoked and are valid until their expiry' (As mentioned in previous response). Application uses cached tokens even after the expiry of the actual token. The default lifetime of an access token is 75 minutes on average. So, application maintains the connectivity by only through refresh token in cache
How we get refresh token using Client Credential flow.?
Sorry to say that, I have not much details on Dynamics 365 client handling of tokens (how the client handles oAuth authentication, as it changes product wise). Hopefully, someone from MSFT team will help on this
Note that, 'Access tokens cannot be revoked and are valid until their expiry' Reference: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes#access-tokens
However, you may revoke refresh tokens using Graph API. Application looses the token when you revoke refresh token and it helps. Following POST command will revoke the refresh token
POST https://graph.microsoft.com/v1.0/me/revokeSignInSessions
----------
--please don't forget to upvote and Accept as answer if the reply is helpful--
I am not using the Graph API. I am using dynamics 365 Web API to read and write data to Dynamics 365 CRM and use access token to be authorized.
I did not get any refresh token with client credential flow.