How to know if an App still has access to OneDrive through Microsoft Graph API

0
votes

I have an application which is using OneDrive through Microsoft Graph API, I created an App and users will consent through the oauth2 flow (that's working).

Now, after that, I have a refreshToken that I can use to get more accessToken (that's also working).

The problem comes when the user revokes the access of my App from their OneDrive account, the refreshToken is still valid and my code still has access to OneDrive user's data.

Is there a way to know that my app was revoked for this specific user through the Microsoft Graph API?

1
microsoft-graph-apionedrive

1 Answers

0
votes

Just for anyone in the future, Microsoft Graph API do invalidate the refreshToken. For some unknown reason it was taking more than 10 minutes for making the invalidation.

After multiple times of testing this I saw that sometimes it might take 1 minute to invalidate, 5 minutes or even 10.

Because it might help someone I'm going to put the exact errors that I got when this case happened so people can handle it gracefully:

{"error": "invalid_grant", "error_codes": [65001], "error_description": "AADSTS65001: The user or administrator has not consented to use the application with ID 'your_app_id_here' named 'your_app_name_here'. Send an interactive authorization request for this user and resource."}