Feb 19 2018 - last edited on Jan 14 2022
For testing purposes it is sometimes useful to revoke an STS token. On AD FS there are ways to do this, e.g. Revoke-AzureADSignedInUserAllRefreshToken.
Is there a way to revoke an Azure AD STS token either on the Azure AD side or the client side, e.g. by removing/deleting it from the client? Deleting cookies unfortunately doesn't work.
Feb 19 2018 09:28 AM
Revoking a user’s active refresh tokens is simple and can be done on an ad-hoc basis. You do this by setting the StsRefreshTokensValidFrom on the user object, so any refresh tokens tied to a credential provided before the time this attribute was set will no longer be honored by Azure AD. The user will be forced to re-authenticate to receive a new refresh token.
Follow these steps to revoke a user’s refresh tokens:
Set-MsolUser -UserPrincipalName <UPN of the User> -StsRefreshTokensValidFrom ("<current date>")
I hope this helps.
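Added example, not part of the original reply: a PowerShell wrapper around the command above that records the previous StsRefreshTokensValidFrom value, sets it to the current time, and reads it back to confirm the change. The function name Revoke-UserRefreshTokens and the UPN are hypothetical; it assumes the MSOnline module is installed and the signed-in account may modify the user.

```powershell
# Added example (not from the original thread). Assumes the MSOnline module.
function Revoke-UserRefreshTokens {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$UserPrincipalName
    )

    # Record the value currently stored on the user object for comparison.
    $before = (Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop).StsRefreshTokensValidFrom

    # Refresh tokens tied to a credential provided before this time stop being honored.
    $cutoff = (Get-Date).ToUniversalTime()

    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Set StsRefreshTokensValidFrom')) {
        Set-MsolUser -UserPrincipalName $UserPrincipalName `
                     -StsRefreshTokensValidFrom $cutoff -ErrorAction Stop
    }

    # Read the attribute back so the change is verified, not assumed.
    $after = (Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop).StsRefreshTokensValidFrom

    [pscustomobject]@{
        UserPrincipalName = $UserPrincipalName
        PreviousValidFrom = $before
        CurrentValidFrom  = $after
        Updated           = ($after -gt $before)   # False under -WhatIf or if the write failed
    }
}

Connect-MsolService
# Constructed placeholder UPN; replace with the test account.
Revoke-UserRefreshTokens -UserPrincipalName 'test.user@contoso.example'
```

Run it with -WhatIf first to see which account would be changed without writing to it.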