Breaking Change: Invalidate All Refresh Tokens update in Microsoft Graph Beta
We’re announcing that we will be deploying a breaking change to the invalidateRefreshTokens action in the Microsoft Graph beta endpoint starting in March. We expect the breaking change to be fully deployed by the end of March. The following are the updates:
- The invalidateAllRefreshTokens service action is renamed to revokeSignInSessions
- The refreshTokensValidFromDateTime property on the user resource is renamed to signInSessionsValidFromDateTime
This will affect existing applications that are calling invalidateAllRefreshTokens.
Current behavior
Request
POST https://graph.microsoft.com/beta/users/{id}/invalidateAllRefreshTokens
Response
HTTP/1.1 204 No Content
New behavior
Request
POST https://graph.microsoft.com/beta/users/{id}/revokeSignInSessions
Response
HTTP/1.1 204 No Content
Call to action
If your app has a dependency on invalidateAllRefreshTokens, update your apps as needed to handle this scenario. We welcome your feedback on UserVoice and if you have further questions reach out to us on StackOverflow.
-The Microsoft Identity Platform Team