Мобильная версияMicrosoft Graph Rest API v1.0
Код: Выделить всё
user: revokeSignInSessions
https://learn.microsoft.com/en-us/graph/api/user-revokesigninsessions?view=graph-rest-1.0&tabs=http
implementation 'com.microsoft.graph:microsoft-graph:6.19.0'
graphServiceClient.users().byUserId(azureUserId).revokeSignInSessions().post()
Код: Выделить всё
user: invalidateAllRefreshTokens
https://learn.microsoft.com/en-us/graph/api/user-invalidateallrefreshtokens?view=graph-rest-beta&tabs=http implementation
'com.microsoft.graph:microsoft-graph-beta:6.21.0'
graphServiceClient.users().byUserId(azureUserId).invalidateAllRefreshTokens().post()
Код: Выделить всё
How I have tested for both v1 and beta APIs:
1. I used the specific libraries depending on which api.
Set up the implementation that calls the api using graph
2. I created a public endpoint that takes in the Object ID to pass to the api to revoke the User's tokens for testing
3. I login using my Sign In Policy to get a code
4. I get the Code to trade in for an access token
5. I hit my public endpoint to request Microsoft Graph Service to invalidate my signed in User by Object ID using Postman
6. I waited 5, 10, 15 and 30 minutes plus
7. I make a request for a new access token token using the refresh token belonging to my User by Object ID using Postman
8. I was able to request a new access token when I was expecting to be rejected.
After trying different approaches and waiting different amount of time, I was still able to request and get a branch new access token with my refresh token that was supposed to no longer be valid.
[img]https://i.sstatic .net/gwaY5kOI.png[/img]
Где я ошибся?
Подробнее здесь: https://stackoverflow.com/questions/791 ... ot-working
