Forum Discussion

Timothy's avatar
Timothy
Copper Contributor
Jul 21, 2025

How do I sign out of my OIDC Entra ID Application?

We have an application protected with Entra ID using ODIC. To sign into our application or SPA goes through a series of redirects before getting a JWT and refresh token at the end of the Entra ID OID...
web apps
Kidd_Ip's avatar
Kidd_Ip
MVP
Jul 22, 2025

May consider on below:

 

  • Use Microsoft Graph API
    You can revoke a user's refresh tokens using the Microsoft Graph PowerShell SDK or REST API:
    Revoke-MgUserSignInSession -UserId <user-object-id>

     

    This command invalidates all refresh tokens for the user, effectively signing them out of your app without triggering global SLO.

 

  • Use invalidateAllRefreshTokens endpoint
    If you're automating this via backend logic, you can call the Microsoft Graph endpoint:
    POST https://graph.microsoft.com/v1.0/users/{id}/invalidateAllRefreshTokens

    This revokes all refresh tokens and forces reauthentication across apps using Entra ID.

Resources