How to revoke OAuth refresh token?

scarecrow kakashi 246 Reputation points

I got a token and a refresh token following ,but how to revoke the refresh token and access token?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,525 questions
No comments
{count} votes

Accepted answer
  1. Alfredo Revilla (MSFT) 17,016 Reputation points Microsoft Employee

    Hello @scarecrow kakashi and thanks for reaching out. Azure AD refresh tokens can be revoked by a user using the AzureAD PowerShell Revoke-AzureADSignedInUserAllRefreshToken cmdlet or by an admin using the Revoke-AzureADUserAllRefreshToken cmdlet. For other instances when refresh tokens will get revoked during the device flow take a look to the password-and non-password based token columns of the Token revocations table.

    On the other side, Azure AD access tokens cannot be revoked. You can however control their lifetime using Configurable token lifetimes (mobile and desktop clients that access SharePoint Online and OneDrive for Business resources) and Conditional Access Session Management.

    Default lifetime for an access token ranges from 60 to 90 minutes. For more information take a look to Access token lifetime.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

0 additional answers

Sort by: Most helpful