How to revoke OAuth refresh token?

scarecrow kakashi 246 Reputation points
2022-08-30T06:56:20.717+00:00

I got a token and a refresh token following https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code ,but how to revoke the refresh token and access token?

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
35,811 questions
0 comments No comments
{count} votes

Accepted answer
  1. 2022-09-01T18:36:25.137+00:00

    Hello @scarecrow kakashi and thanks for reaching out. Azure AD refresh tokens can be revoked by a user using the AzureAD PowerShell Revoke-AzureADSignedInUserAllRefreshToken cmdlet or by an admin using the Revoke-AzureADUserAllRefreshToken cmdlet. For other instances when refresh tokens will get revoked during the device flow take a look to the password-and non-password based token columns of the Token revocations table.

    On the other side, Azure AD access tokens cannot be revoked. You can however control their lifetime using Configurable token lifetimes (mobile and desktop clients that access SharePoint Online and OneDrive for Business resources) and Conditional Access Session Management.

    Default lifetime for an access token ranges from 60 to 90 minutes. For more information take a look to Access token lifetime.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful