Identity Platform OAuth2 Revoke Access

mohamed arshad 31 Reputation points
2022-06-15T09:12:51.593+00:00

So what I am searching for is a revoke OAuth2 access endpoint on the Identity platform.

Basically I have an app X which uses the Microsoft identity platform and Graph API to gain access and use users' Mail, Calendar, Contacts, etc.

When the user wants their Microsoft access to be removed from my app or wishes to delete their account:

  • I need to revoke the access token and refresh token I have, and my app should be removed from 'account.microsoft.com -> Privacy -> Apps and services that can access your data',
    so that the user can be sure that the integration is removed.

This feature is available with Google's APIs (Google Revoke Access link). So when I hit this API with my refresh token, all the access is removed and my app disappears from the 'accounts.google.com -> apps which access your data' screen too.

Can you guys please help me find out if this is available with Microsoft's API and point me towards it.
Thanks


1 answer

  1. Shweta Mathur 30,101 Reputation points Microsoft Employee
    2022-06-16T06:34:19.173+00:00

    Hi @mohamed arshad ,

    Thanks for reaching out.

    I understand you are looking to revoke the tokens so users won't be able to access the application further.

    You can use the Graph call below to revoke the refresh token:

    To revoke the refresh token of the signed-in user:

    POST https://graph.microsoft.com/v1.0/me/revokeSignInSessions

    To revoke the refresh token of another user:

    POST https://graph.microsoft.com/v1.0/users/object_id_or_upn_of_user/revokeSignInSessions

    Alternatively, you can use the PowerShell cmdlets below as well:

    Revoke-AzureADSignedInUserAllRefreshToken

    Revoke-AzureADUserAllRefreshToken

    Access tokens cannot be revoked. Access tokens are short-lived and by default valid for 1 hour. However, when the refresh tokens are revoked, the application will not be able to redeem the refresh tokens (long-lived tokens) to acquire new access tokens.

    You may also consider setting access token lifetime to a lower value than 1 hour (minimum supported value is 10 minutes and the maximum is 1 day). Refer to: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes#token-lifetime-policies-for-access-saml-and-id-tokens.

    Hope this will help.

    Thanks,
    Shweta

    -------------------------------------------

    Please remember to "Accept Answer" if answer helped you.
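The flow the answer describes, as an added example that is not part of the original question or answer: build and send the `revokeSignInSessions` POST (for the signed-in user or for a specific user), interpret Graph's v1.0 response, and then clean up the app's own copy of the user's tokens. It assumes the app already holds a Graph access token that carries the permission the action requires (the `access_token` argument; the value used in the test is a constructed placeholder), a token store shaped like the `store` dict shown, and an injectable `send` callable so the flow can be exercised without network access. Because access tokens cannot be revoked, the app only records when its last access token expires rather than pretending it has been invalidated.

```python
"""Added example (not from the original Q&A): revoke a user's refresh tokens
via Microsoft Graph and remove the app's stored tokens afterwards.
Assumptions: a valid Graph access token is supplied by the caller, and the
app's token store is a dict of {user_key: {"refresh_token": ..., "expires_at": ...}}."""

import json
import urllib.request
from typing import Callable, Optional

GRAPH_BASE = "https://graph.microsoft.com/v1.0"


def revoke_url(user: Optional[str] = None) -> str:
    """URL of the revokeSignInSessions action: the signed-in user (/me) or a
    specific user addressed by object id or UPN (/users/{id_or_upn})."""
    if user is None:
        return f"{GRAPH_BASE}/me/revokeSignInSessions"
    return f"{GRAPH_BASE}/users/{user}/revokeSignInSessions"


def build_revoke_request(access_token: str, user: Optional[str] = None) -> urllib.request.Request:
    """POST with a bearer token and an empty body; the action takes no parameters."""
    return urllib.request.Request(
        revoke_url(user),
        data=b"",
        method="POST",
        headers={"Authorization": f"Bearer {access_token}", "Content-Length": "0"},
    )


def parse_revoke_response(body: bytes) -> bool:
    """Graph v1.0 answers 200 OK with a JSON object whose "value" is true when
    the user's refresh tokens were invalidated; anything else counts as not revoked."""
    try:
        return json.loads(body).get("value") is True
    except (ValueError, AttributeError):
        return False


def revoke_sign_in_sessions(
    access_token: str,
    user: Optional[str] = None,
    send: Optional[Callable[[urllib.request.Request], bytes]] = None,
) -> bool:
    """Perform the call. `send` is injectable so the flow can run offline;
    by default it performs the real HTTP request with urllib."""
    send = send or (lambda req: urllib.request.urlopen(req).read())
    return parse_revoke_response(send(build_revoke_request(access_token, user)))


def disconnect_user(store: dict, user_key: str, access_token: str, send=None) -> dict:
    """'Remove integration' flow for one user of the app:
    1. revoke the user's refresh tokens at Graph (server side),
    2. delete the app's stored refresh token so it can never be redeemed again,
    3. keep only the expiry of the still-valid access token, since access tokens
       cannot be revoked and remain usable until they expire."""
    revoked = revoke_sign_in_sessions(access_token, send=send)
    entry = store.pop(user_key, {})
    return {
        "graph_revoked": revoked,
        "refresh_token_deleted": "refresh_token" in entry,
        "access_token_valid_until": entry.get("expires_at"),
    }
```

In a real deployment `send` is left at its default so `urllib` performs the request; the `access_token_valid_until` value is what the app should use to decide how long it must still treat data fetched with that token as reachable, which is also why the answer suggests shortening the access token lifetime.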
