Azure B2C revoke all sessions

asked 2022-06-13T05:57:41.407+00:00
DisplayName 61 Reputation points

Hello ,

I have been trying to be able to revoke all sessions (or at least be able to revoke all refresh tokens) in Azure B2C. So far I can always renew a tocken with a refresh token even if I ended the session through:
Azure Portal > User > Revoke Session
Microsoft Graph: https://graph.microsoft.com/v1.0/users/aaaaaa-bbbbb-ccccc-ddddd-eeeee/revokeSignInSessions
Powershell: Revoke-AzureADUserAllRefreshToken -ObjectId "aaaaaa-bbbbb-ccccc-ddddd-eeeee"

So I have two questions:
How can an application (with application permissions revoke all Tokens of a B2C User?
How can an administrator (with delegated permissions revoke all Tokens of a B2C User?

Both of these would be important features for security, as Refresh tokens are valid for a long time.

Azure Active Directory External Identities
{count} votes