AzureAD Graph - Invalidate all refresh tokens for a user

    Question

  • Hello

    I have a question about the following AzureAD Graph function:

    Invalidate all refresh tokens for a user

    AzureAD Graph - https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/users-operations#invalidate-all-refresh-tokens-for-a-user

    What type of tokens are invalidated? Both JWT and SAML 2.0, or only JWT (OAuth/OpenID Connect)?

    Regards,

    Maqsood Ali Bhatti

    Wednesday, April 12, 2017 12:56 PM

Answers

  • The function call invalidateAllRefreshTokens basically clears all refresh tokens and cookies issued to a user. It does not affect the existing SAML or JWT tokens that are held by an application. These tokens will expire according to their expirations.

    However, when the tokens expire, the authentication process will need to be repeated to obtain a new code to redeem for a JWT or SAML token.

    Regards,
    MaxV (MSFT)

    Wednesday, April 19, 2017 7:10 PM
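The answer above (and the moderator reply further down about the lack of a per-application revocation endpoint) turns on one property: the call moves the user's `refreshTokensValidFromDateTime` forward, so refresh tokens and session cookies issued before it are rejected, but an access token that was already issued keeps a valid signature and a future `exp`, and a resource server that validates it locally will accept it until then. The following is an added example, not code from the thread or from Microsoft: it builds the Azure AD Graph request (documented path, api-version 1.6; the tenant, user id and bearer token are placeholders) without sending it, and classifies an already-issued JWT against the revocation time so you can see how long the exposure window is. The JWT it parses is a constructed, unsigned test token; `jwt_claims` deliberately does not verify signatures and must only be used to inspect tokens, never to trust them.

```python
import base64
import json
from datetime import datetime, timezone

# Azure AD Graph base URL and the api-version the endpoint is documented for.
GRAPH_BASE = "https://graph.windows.net"
API_VERSION = "1.6"


def invalidate_all_refresh_tokens_request(tenant, user_id, bearer_token):
    """Build the POST that invalidates every refresh token (and session
    cookie) for one user. Returns (method, url, headers, body); nothing is
    sent here, so the example runs offline. tenant/user_id/bearer_token are
    caller-supplied placeholders."""
    url = (f"{GRAPH_BASE}/{tenant}/users/{user_id}"
           f"/invalidateAllRefreshTokens?api-version={API_VERSION}")
    headers = {"Authorization": f"Bearer {bearer_token}",
               "Content-Length": "0"}
    return "POST", url, headers, b""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64url_decode(s: str) -> bytes:
    # Re-add the padding that compact JWS strips.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed test token (alg=none, empty signature), only so the
    example has something to parse. A real resource server must reject
    alg=none; never accept a token built this way."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT WITHOUT verifying the signature.
    Fine for inspecting iat/exp of a token you already hold; never use it
    to decide whether to trust one."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def token_status(claims: dict, refresh_tokens_valid_from: int, now: int) -> str:
    """Classify an already-issued access token after the revocation call.

    refresh_tokens_valid_from is the user's refreshTokensValidFromDateTime
    as a Unix timestamp, now is the evaluation time. Azure AD rejects the
    refresh token once iat < refreshTokensValidFromDateTime, but the access
    token itself stays usable until exp."""
    if now >= claims["exp"]:
        return "expired"
    if claims["iat"] < refresh_tokens_valid_from:
        return "valid-until-exp-despite-revocation"
    return "valid"


def exposure_window_seconds(claims: dict, now: int) -> int:
    """Seconds the token remains usable by whoever holds it; 0 once expired."""
    return max(0, claims["exp"] - now)


if __name__ == "__main__":
    # Constructed scenario: revocation at the time of the accepted answer,
    # token issued 10 minutes earlier with a 60-minute lifetime.
    revoked_at = int(datetime(2017, 4, 19, 19, 10, tzinfo=timezone.utc).timestamp())
    tok = make_unsigned_jwt({"aud": GRAPH_BASE,
                             "iat": revoked_at - 600,
                             "exp": revoked_at + 3000,
                             "upn": "user@contoso.onmicrosoft.com"})
    claims = jwt_claims(tok)
    method, url, headers, body = invalidate_all_refresh_tokens_request(
        "contoso.onmicrosoft.com", "00000000-0000-0000-0000-000000000000", "<token>")
    print(method, url)
    print(token_status(claims, revoked_at, revoked_at + 60))
    print(exposure_window_seconds(claims, revoked_at + 60), "seconds left")
```

The practical consequence is the one the answer states: after calling the endpoint, the remaining risk is bounded by the access-token lifetime, which is why the later moderator reply points at configurable token lifetimes rather than at a revocation API.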

All replies

  • Thank you for your answer :-)

    Regards,

    Maqsood.

    Wednesday, April 19, 2017 7:21 PM
  • Hi,

    Is there a way to invalidate the refresh token for a specific application, just to ask the user to log in again for one application and not all?

    regards

    Monday, July 9, 2018 7:55 AM
  • @Gregory:

    Currently Azure Active Directory does not support or provide an endpoint for an application to revoke the access/refresh tokens. The recommended approach is to clear the token cache on logout to prevent the re-use of the token. You may read more about configurable token lifetimes in Azure Active Directory to check the policies on token lifetimes and adjust them based on your requirements.


    Thursday, July 12, 2018 8:59 PM
    Moderator
  • Hi Sandeep,

    Thanks for your reply. I already clear the cache on my side on logout, but in one case I transfer the access/refresh token to a partner, and then I want to be sure that, even if he says he has cleared the access/refresh token, I can revoke the refresh token.

    Do you have any information on whether an endpoint to revoke the refresh token for a specific application is on the AAD B2C roadmap?

    Regards

    Friday, July 13, 2018 9:31 AM
  • Unfortunately, we don’t have plans to share out a public roadmap. This is constantly changing as we’re listening to customer requests. We will continue to update feedback. Azure items as they come up so feel free to suggest anything you are curious about. You can request this via the Azure AD B2C feedback forum.



    Saturday, July 14, 2018 6:19 PM
    Moderator