Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revoke-AzureADUserAllRefreshToken fails #25

Open
Acenl12 opened this issue Dec 21, 2020 · 0 comments
Open

Revoke-AzureADUserAllRefreshToken fails #25

Acenl12 opened this issue Dec 21, 2020 · 0 comments

Comments

@Acenl12
Copy link

Acenl12 commented Dec 21, 2020

I tried to Revoke-AzureADUserAllRefreshToken for a user but that fails while I have the authentication administrator and user administrator elevated by PIM. That fails with the following error:

 Get-AzureADUser -All:$true -SearchString username | Revoke-AzureADUserAllRefreshToken 
Revoke-AzureADUserAllRefreshToken : Error occurred while executing RevokeUserAllRefreshTokens
Code: Authorization_RequestDenied
Message: Access to invalidate refresh tokens operation is denied.
RequestId: 863a01c8-84bc-443d-815b-e09cb7a633e7
DateTimeStamp: Mon, 21 Dec 2020 12:35:15 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
At line:1 char:82
 | Revoke-AzureADUserAllRefreshToken | 
+                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Revoke-AzureADUserAllRefreshToken], ApiException
    + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.RevokeUserAllRefreshTokens

Environment data

$PSVersionTable

Name Value


PSVersion 5.1.19041.610
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.19041.610
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant