Using the Library msal4j I received a JWT token from Azure Active Directory and now, I would like to revoke that token. I didn´t find many information about how to do it.
Many thanks in advance
Juan Antonio
Asked
Active
Viewed 336 times
-1
jabrena
- 1,166
- 3
- 11
- 25
-
Why do you need to revoke a token? There exists a function on MS Graph API to revoke refresh tokens, but that is really only meant to be used if you think the user account is compromised etc. For logout, just redirecting the user to log out with AAD is enough. – juunas Apr 27 '20 at 13:43
-
Hi, any other concern about this issue? – Joy Wang Apr 29 '20 at 01:09
1 Answers
1
The reference you provided just applies to the refresh token from Machine Learning Server, if you want to revoke a specific refresh token from Azure AD, there is no such way currently, you can just revoke all the refresh token for a user.
You could use the options below:
Microsoft Graph - user: invalidateAllRefreshTokens (Not recommend to use it in the production env, it is a Beta version)
Azure AD Graph - Invalidate all refresh tokens for a user
Powershell command -
Revoke-AzureADUserAllRefreshToken
BTW, as mentioned in the comment, this operation is performed (by the user or an administrator) if the user has a lost or stolen device typically, for logout, just redirecting the user to log out with AAD is enough.
Joy Wang
- 39,905
- 3
- 30
- 54