在Microsoft Graph中取消请求

Question

I can not find how to send deauthorization request to Microsoft Graph in documentation ( https://developer.microsoft.com/en-us/graph/docs/concepts/overview ).

When user wants to disconnect Microsoft account with my application, he must have possibility to deauthorize my application. I know he can do it in Microsoft account setting, but I need have a possibility to do this via my application.

Answer 1

First, this kind of permission is running by Oauth permission grant. This needs be can configured or bulit both in AAD registration and your app itself.

About revoking the permission consent for a user:

You can do noting with 3rd party Applicaition (expect deleting the sp from your directory), only the user can revoke permission from My Apps Portal. If you're the owner of the app, you need to bulit some policy to achieve your goal by yourself.

For Example

When a user in your directory try to login the Microsoft Graph Explorer first time, the user needs to consent permissions that needed from Microsoft Graph Explorer. Then the user will be added to the users and groups of Graph exploer which a sp in your Azure AD. Evern you can delete the user from here, he can still sign in the app next time and doesn't need permission consent. Because the permission data is not hold by AAD. AAD is just a Identity authentication provider for it.

However, if you are the owner of that applicaiton you can just bulit some policy in your application to revoke permissions from user.

Hope this helps!