Edit

Delete oAuth2PermissionGrant (a delegated permission grant)

  • Article
  • 2 minutes to read

Namespace: microsoft.graph

Delete a delegated permission grant, represented by an oAuth2PermissionGrant object.

When a delegated permission grant is deleted, the access it granted is revoked. Existing access tokens will continue to be valid for their lifetime, but new access tokens will not be granted for the delegated permissions identified in the deleted oAuth2PermissionGrant.

Note

There may be two delegated permission grants authorizing an application to act on behalf of a user when calling an API. This can happen when a user consents for the application on their own behalf (creating an oAuth2PermissionGrant with consentType Principal, identifying the user) and then an administrator grants tenant-wide admin consent on behalf of all users (creating a second oAuth2PermissionGrant with consentType of AllPrincipals).

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) DelegatedPermissionGrant.ReadWrite.All, Directory.ReadWrite.All
Delegated (personal Microsoft account) Not supported.
Application DelegatedPermissionGrant.ReadWrite.All, Directory.ReadWrite.All

HTTP request

DELETE /oAuth2PermissionGrants/{id}

Request headers

Name Description
Authorization Bearer {token}. Required.

Request body

Do not supply a request body for this method.

Response

If successful, this method returns 204 No Content response code. It does not return anything in the response body.

Example

Request

Here is an example of the request.

DELETE https://graph.microsoft.com/v1.0/oauth2PermissionGrants/l5eW7x0ga0-WDOntXzHateQDNpSH5-lPk9HjD3Sarjk

Response

The following is an example of the response.

HTTP/1.1 204 No Content