Azure AD OAuth 2.0 Access Token has expired

Copper Contributor

For testing purposes it is sometimes useful to revoke an STS token. On AD FS there are ways to do this, e.g. Revoke-AzureADSignedInUserAllRefreshToken.

Is there a way to revoke an Azure AD STS token, either on the Azure AD side or on the client side, e.g. by removing/deleting it from the client? Deleting cookies unfortunately doesn't work.

1 Reply

Hi Han,

Revoking a user’s active refresh tokens is simple and can be done on an ad-hoc basis. You do this by setting the StsRefreshTokensValidFrom on the user object, so any refresh tokens tied to a credential provided before the time this attribute was set will no longer be honored by Azure AD. The user will be forced to re-authenticate to receive a new refresh token.

Follow these steps to revoke a user’s refresh tokens:

  1. Download the latest Azure AD PowerShell V1 release.
  2. Run the Connect command to sign in to your Azure AD admin account. Run this command each time you start a new session:

    Connect-MsolService

  3. Set the StsRefreshTokensValidFrom parameter using the following command:

    Set-MsolUser -UserPrincipalName <UPN of the User> -StsRefreshTokensValidFrom ("<current date>")

I hope this helps.

Best regards,

Ruud Gijsbers
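The three steps above, wrapped into one reusable function as an added example (this is not the answerer's code). It assumes the MSOnline module is installed and Connect-MsolService has already been run; the UPN is a placeholder, and the read-back check is a hypothetical addition to confirm the attribute was actually set.

```powershell
# Added example, not from the original post. Assumes an MSOnline admin session
# opened with Connect-MsolService; 'user@contoso.example' is a placeholder UPN.
function Revoke-UserRefreshTokens {
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName
    )

    # Take the cutoff in UTC: Azure AD compares the issue time of each refresh
    # token against this value, so a local time in a non-UTC zone can be off by hours.
    $cutoff = (Get-Date).ToUniversalTime()

    # Refresh tokens issued before $cutoff are no longer honored; the user
    # has to re-authenticate to obtain a new one.
    Set-MsolUser -UserPrincipalName $UserPrincipalName -StsRefreshTokensValidFrom $cutoff

    # Read the attribute back to verify the write took effect (hypothetical check,
    # 5 s tolerance for clock skew between the client and the directory).
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName
    if ($user.StsRefreshTokensValidFrom -lt $cutoff.AddSeconds(-5)) {
        throw "StsRefreshTokensValidFrom was not updated for $UserPrincipalName"
    }

    [pscustomobject]@{
        UserPrincipalName         = $UserPrincipalName
        StsRefreshTokensValidFrom = $user.StsRefreshTokensValidFrom
    }
}

Revoke-UserRefreshTokens -UserPrincipalName 'user@contoso.example'
```

This only invalidates refresh tokens: an access token the client already holds stays valid until its own expiry, so the client keeps working until it next tries to refresh.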