I'm looking for an API in microsft graph to revoke a user's token. Apparently, there is not also any method in O365 python library.
Normally, we can revoke the credentials of our applications via microsoft account consent page manually, but I couldn't find an API for that in microsoft graph.
For example, the following is the google revoke uri:
You can use the below graph call to revoke the Refresh token: To revoke the refresh token of the signed-in user:
POST - https://graph.microsoft.com/v1.0/me/revokeSignInSessions
To revoke the refresh token of another user:
POST https://graph.microsoft.com/v1.0/users/object_id_or_upn_of_user/revokeSignInSessions
ref doc - https://learn.microsoft.com/en-us/graph/api/user-revokesigninsessions?view=graph-rest-1.0&tabs=http
Note : You cannot revoke access tokens. Access tokens are short-lived and by default valid for 1 hour. However, when the refresh tokens are revoked, the application will not be able to redeem the refresh tokens (long-lived tokens) to acquire new access tokens.
Refer to: https://learn.microsoft.com/en-us/azure/active-directory/develop/configure-token-lifetimes.