
I'm looking for an API in Microsoft Graph to revoke a user's token. Apparently, there is also no method for this in the O365 Python library.

Normally, we can revoke the credentials of our applications manually via the Microsoft account consent page, but I couldn't find an API for that in Microsoft Graph.

For example, the following is the Google revoke URI:

https://oauth2.googleapis.com/revoke

Benyamin Jafari

1 Answer

You can use the Graph call below to revoke the refresh token.

To revoke the refresh token of the signed-in user:

POST https://graph.microsoft.com/v1.0/me/revokeSignInSessions

To revoke the refresh token of another user:

POST https://graph.microsoft.com/v1.0/users/object_id_or_upn_of_user/revokeSignInSessions

Reference doc: https://learn.microsoft.com/en-us/graph/api/user-revokesigninsessions?view=graph-rest-1.0&tabs=http

Note: You cannot revoke access tokens. Access tokens are short-lived and by default valid for 1 hour. However, when the refresh tokens are revoked, the application will not be able to redeem the refresh tokens (long-lived tokens) to acquire new access tokens.

Refer to: https://learn.microsoft.com/en-us/azure/active-directory/develop/configure-token-lifetimes.

vicky kumar
  • Thank you for your response. But the credentials that I have from the users are access_token and refresh_token; what actually are object_id and upn_of_user? Actually, I have the users' offline token of Outlook calendar. – Benyamin Jafari Aug 12 '22 at 04:04
  • Thanks. Object_id and UPN is user_id. This operation is only performed (by the user or an administrator) if the user has a lost or stolen device. This operation prevents access to the organization's data through applications on the device by requiring the user to sign in again to all applications that they have previously consented to, independent of device. Please check the doc for more info - https://learn.microsoft.com/en-us/graph/api/user-revokesigninsessions?view=graph-rest-1.0&tabs=http – vicky kumar Aug 19 '22 at 06:32
  • The above API is to increase the SignInSession. Could you please also confirm what you really want to achieve? – vicky kumar Aug 19 '22 at 06:40
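
The two calls from the answer above as a small Python helper; this is an added example, not part of the original answer or of the O365 library. It uses only the standard library, the token and UPN values are constructed placeholders, and treating any 2xx status as success is an assumption.

```python
import urllib.error
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"


def revoke_url(user=None):
    """URL for revokeSignInSessions; user=None means the signed-in user."""
    if user is None:
        return f"{GRAPH}/me/revokeSignInSessions"
    # Object id or UPN goes into the path. Guest UPNs contain '#', which
    # must be percent-encoded or it is parsed as a URL fragment.
    return f"{GRAPH}/users/{urllib.parse.quote(user, safe='@')}/revokeSignInSessions"


def build_request(access_token, user=None):
    """POST with an empty body, authenticated with a Graph access token."""
    return urllib.request.Request(
        revoke_url(user),
        data=b"",
        method="POST",
        headers={"Authorization": f"Bearer {access_token}"},
    )


def revoke_sign_in_sessions(access_token, user=None, opener=urllib.request.urlopen):
    """Send the request; True on any 2xx (assumption), RuntimeError otherwise.

    Access tokens already issued stay valid until they expire; only the
    refresh tokens stop being redeemable.
    """
    try:
        with opener(build_request(access_token, user), timeout=10) as resp:
            return 200 <= resp.status < 300
    except urllib.error.HTTPError as err:
        raise RuntimeError(f"revokeSignInSessions failed: HTTP {err.code}") from err


if __name__ == "__main__":
    # Constructed placeholder values; no network call is made here.
    req = build_request("ACCESS_TOKEN_PLACEHOLDER", "jane_contoso.example#EXT#@fabrikam.example")
    print(req.get_method(), req.full_url)
```

The `opener` parameter exists so the call can be exercised with a stub instead of a live tenant.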