Delete oAuth2PermissionGrant (a delegated permission grant)

Namespace: microsoft.graph

Delete a delegated permission grant, represented by an oAuth2PermissionGrant object.

When a delegated permission grant is deleted, the access it granted is revoked. Existing access tokens will continue to be valid for their lifetime, but new access tokens will not be granted for the delegated permissions identified in the deleted oAuth2PermissionGrant.


There may be two delegated permission grants authorizing an application to act on behalf of a user when calling an API. This can happen when a user consents for the application on their own behalf (creating an oAuth2PermissionGrant with consentType Principal, identifying the user) and then an administrator grants tenant-wide admin consent on behalf of all users (creating a second oAuth2PermissionGrant with consentType of AllPrincipals).


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) DelegatedPermissionGrant.ReadWrite.All, Directory.ReadWrite.All
Delegated (personal Microsoft account) Not supported.
Application DelegatedPermissionGrant.ReadWrite.All, Directory.ReadWrite.All

HTTP request

DELETE /oAuth2PermissionGrants/{id}

Request headers

Name Description
Authorization Bearer {token}. Required.

Request body

Do not supply a request body for this method.


If successful, this method returns 204 No Content response code. It does not return anything in the response body.



Here is an example of the request.



The following is an example of the response.

HTTP/1.1 204 No Content