1
votes

Is there a way to revoke a specific refresh token in Azure AD B2C? It's for the user's management of third app and data access delegation.

I only found this method: Revoke-AzureADUserAllRefreshToken

I don't know if it will work with Azure AD B2C and it clearly doesn't fit with third app management and opt-out.

1
Since users in Azure AD B2C are managed by Azure AD, I think that if the users whose tokens you want to revoke are among the users in the portal, this PowerShell cmdlet should also work for them. But I'm not sure whether it will work for you; I did not test it this way. There is a similar case on SO that may be helpful to you: stackoverflow.com/questions/40083004/… - Wayne Yang
Maybe it will work but clearly it's not our use-case. It will revoke all the refresh tokens, we only want to revoke a specific token according to user opt-out on API data access delegation (third party apps management). - user1523812

1 Answer

2
votes

Outdated, see update below. There is no way today to revoke tokens in Azure AD B2C. You can request this via the Azure AD B2C feedback forum.

The Revoke-AzureADUserAllRefreshToken command only works for regular Azure AD and will not work for Azure AD B2C.

UPDATE FROM 2018-03-08

The Revoke-AzureADUserAllRefreshToken command can be used to revoke Azure AD B2C refresh tokens.
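An added example, not part of the original answer: one way to run the cmdlet against a B2C tenant and confirm it took effect by comparing the user's RefreshTokensValidFromDateTime before and after. The function name, the tenant name and the user object ID are placeholders assumed for illustration; the AzureAD PowerShell module is assumed to be installed.

```powershell
#Requires -Modules AzureAD
# Added example. Revoke-B2CUserRefreshTokens is a hypothetical helper name;
# tenant and user values passed to it are placeholders, not from the post.

function Revoke-B2CUserRefreshTokens {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # B2C directory to sign in to, e.g. contoso.onmicrosoft.com (placeholder)
        [Parameter(Mandatory)] [string] $TenantId,
        # Object ID of the user whose refresh tokens are revoked
        [Parameter(Mandatory)] [guid] $UserObjectId
    )

    # Sign in to the B2C directory itself, not the admin's home tenant.
    Connect-AzureAD -TenantId $TenantId | Out-Null

    # Refresh tokens issued before this timestamp are rejected.
    $before = (Get-AzureADUser -ObjectId $UserObjectId).RefreshTokensValidFromDateTime

    # The cmdlet has no per-application or per-token switch: it invalidates
    # every refresh token the user holds, for all applications.
    if ($PSCmdlet.ShouldProcess($UserObjectId, 'Revoke ALL refresh tokens')) {
        Revoke-AzureADUserAllRefreshToken -ObjectId $UserObjectId
    }

    # Read the timestamp back; it should have moved forward to "now".
    $after = (Get-AzureADUser -ObjectId $UserObjectId).RefreshTokensValidFromDateTime

    [pscustomobject]@{
        UserObjectId    = $UserObjectId
        ValidFromBefore = $before
        ValidFromAfter  = $after
        Revoked         = ($after -gt $before)
    }
}

# Usage (placeholder values):
# Revoke-B2CUserRefreshTokens -TenantId 'contoso.onmicrosoft.com' `
#     -UserObjectId '00000000-0000-0000-0000-000000000000' -WhatIf
```

Access tokens already issued stay valid until they expire, so an API that must honor the opt-out immediately still needs its own check.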