Sample code for 30+ languages & platforms
Java

Microsoft Graph Revoke OAuth2 Access Tokens

See more Microsoft Graph Examples

Invalidates all the refresh tokens issued to applications for a user (as well as session cookies in a user's browser), by resetting the signInSessionsValidFromDateTime user property to the current date-time. Typically, this operation is performed (by the user or an administrator) if the user has a lost or stolen device. This operation prevents access to the organization's data through applications on the device by requiring the user to sign in again to all applications that they have previously consented to, independent of device.

Chilkat Java Downloads

Java
import com.chilkatsoft.*;

public class ChilkatExample {

  static {
    try {
        System.loadLibrary("chilkat");
    } catch (UnsatisfiedLinkError e) {
      System.err.println("Native code library failed to load.\n" + e);
      System.exit(1);
    }
  }

  public static void main(String argv[])
  {
    boolean success = false;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Send a POST as shown below to invalidate all the refresh tokens issued to applications for a user (as well as session cookies in a user's browser),
    // 

    // 	POST /v1.0/me/revokeSignInSessions HTTP/1.1
    // 	Host: graph.microsoft.com
    //      Authorization: Bearer ACCESS_TOKEN
    // 	Content-Type: application/json
    // 	Content-Length: 0
    // 
    // or specify a specific user:
    // 
    // 	POST /v1.0/users/{id | userPrincipalName}/revokeSignInSessions HTTP/1.1
    // 	Host: graph.microsoft.com
    //      Authorization: Bearer ACCESS_TOKEN
    // 	Content-Type: application/json
    // 	Content-Length: 0

    CkHttp http = new CkHttp();

    // Set the http.AuthToken property to automatically add the "Authorization: Bearer ACCESS_TOKEN" header
    http.put_AuthToken("ACCESS_TOKEN");

    // Send an empty JSON request body.
    CkHttpResponse resp = new CkHttpResponse();
    success = http.HttpStr("POST","https://graph.microsoft.com/v1.0/me/revokeSignInSessions","","utf-8","application/json",resp);
    if (success == false) {
        System.out.println(http.lastErrorText());
        return;
        }

    // A response code of 204 is success
    if (resp.get_StatusCode() == 204) {
        System.out.println("Success.");
        return;
        }

    // We have an error...

    // Load the JSON response.
    CkJsonObject json = new CkJsonObject();
    json.Load(resp.bodyStr());
    json.put_EmitCompact(false);

    // Show the JSON response.
    System.out.println(json.emit());

    System.out.println("Response status code: " + resp.get_StatusCode());
  }
}