
azure - Graph API - Revoking All/Specific Permissions programmatically - Stack Overflow

We have an application that requests users to grant permissions for specific features, such as Chat.Read or Calendar.Read, one at a time. We would like your assistance in understanding the following:

  1. How can we programmatically revoke these permissions from our side?
  2. Is it possible to revoke a specific permission only? For example, if a user has granted both Chat.Read and Calendar.Read, can we revoke only Calendar.Read while keeping Chat.Read active?

We only ask for delegated permission and never ask for any Admin consent permission.

We appreciate your guidance on this matter.

We tried doing this:

Get the oauth2PermissionGrant ID for the user:

    GET https://graph.microsoft.com/v1.0/me/oauth2PermissionGrants
    Authorization: Bearer <token>

Delete the oauth2PermissionGrant:

    DELETE https://graph.microsoft.com/v1.0/oauth2PermissionGrants/{id}
    Authorization: Bearer <token>

but we got an error saying: Deleting an OAuth2 permission grant requires an admin-level token with one of the following permissions:

Application.ReadWrite.All

Directory.AccessAsUser.All

We never asked for these admin-level permissions.

Asked Mar 19 at 11:30 by Devesh Tiwari

1 Answer

Programmatic revocation of delegated permissions (full or partial) without admin may not work. Direct users to revoke access manually via Microsoft portals, as APIs require elevated permissions not available in your scenario. Even if you log users out and clear the token, this doesn't revoke permission.
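For the second question (dropping only Calendar.Read while keeping Chat.Read), the sketch below is an added example, not part of the original answer. It assumes the caller does hold an admin-consented permission that Graph accepts for modifying grants (for example DelegatedPermissionGrant.ReadWrite.All); the function name, the sample grant and its placeholder IDs are constructed for illustration. It only builds the request, it does not send it.

```python
import json

GRAPH = "https://graph.microsoft.com/v1.0"


def plan_scope_revocation(grant, scope_to_revoke, user_id):
    """Return (method, url, body) that removes one delegated scope, or None.

    `grant` is an oauth2PermissionGrant object as returned by Graph.
    Hypothetical helper: it plans the call, the caller sends it with an admin token.
    """
    # Only touch the per-user grant. consentType "AllPrincipals" is tenant-wide
    # admin consent, and editing it would change access for every user.
    if grant.get("consentType") != "Principal":
        return None
    if grant.get("principalId") != user_id:
        return None

    # `scope` is a space-separated string and may carry leading whitespace.
    scopes = grant.get("scope", "").split()
    remaining = [s for s in scopes if s.lower() != scope_to_revoke.lower()]
    if len(remaining) == len(scopes):
        return None  # the scope was never granted here, nothing to do

    url = f"{GRAPH}/oauth2PermissionGrants/{grant['id']}"
    if not remaining:
        # Last scope removed: delete the whole grant instead of leaving it empty.
        return ("DELETE", url, None)
    # Otherwise rewrite the grant with the reduced scope list.
    return ("PATCH", url, json.dumps({"scope": " ".join(remaining)}))


if __name__ == "__main__":
    # Constructed sample grant; IDs are placeholders, not real object IDs.
    sample = {
        "id": "GRANT_ID_PLACEHOLDER",
        "consentType": "Principal",
        "principalId": "USER_OBJECT_ID_PLACEHOLDER",
        "scope": " Chat.Read Calendar.Read",
    }
    print(plan_scope_revocation(sample, "Calendar.Read",
                                "USER_OBJECT_ID_PLACEHOLDER"))
```

Access tokens issued before the grant is changed keep their scopes until they expire.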
