Commit 4b3dfd1

Merge pull request #182980 from bernawy/patch-31
b2c-support: Add this refresh token issue to FAQ
2 parents dad8246 + b6bb503 commit 4b3dfd1

1 file changed

+14
-1
lines changed
  • articles/active-directory-b2c

articles/active-directory-b2c/faq.yml

Lines changed: 14 additions & 1 deletion
@@ -9,9 +9,10 @@ metadata:
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: conceptual
12-
ms.date: 12/9/2021
12+
ms.date: 01/03/2022
1313
ms.author: kengaderdus
1414
ms.subservice: B2C
15+
ms.custom: "b2c-support"
1516

1617
title: 'Azure AD B2C: Frequently asked questions (FAQ)'
1718
summary: This page answers frequently asked questions about the Azure Active Directory B2C (Azure AD B2C). Keep checking back for updates.
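Review bot: The added `ms.custom: "b2c-support"` line (new line 15) double-quotes its value, while the neighbouring `ms.service` and `ms.subservice` values are unquoted and `title` uses single quotes; drop the quotes or match the style already used in this metadata block. The new `ms.date` value `01/03/2022` is also zero-padded where the previous `12/9/2021` was not, so it is worth settling on one date format for the file.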
@@ -227,6 +228,18 @@ sections:
227228
* API connectors
228229
* Conditional Access
229230
231+
- question: |
232+
I have revoked the refresh token using Microsoft Graph invalidateAllRefreshTokens, or Azure AD PowerShell, Revoke-AzureADUserAllRefreshToken. Why is Azure AD B2C still accepting the old refresh token?
233+
answer: |
234+
In Azure AD B2C, if the time difference between `refreshTokensValidFromDateTime` and `refreshTokenIssuedTime` is less than or equal to 5 minutes, the refresh token is still considered as valid. However, if the `refreshTokenIssuedTime` is greater than the `refreshTokensValidFromDateTime`, then the refresh token is revoked.
235+
Follow the following steps to check if the refresh token is valid or revoked:
236+
1. Retrieve the `RefreshToken` and the `AccessToken` by redeeming `authorization_code`.
237+
1. Wait for 7 minutes.
238+
1. Use PowerShell cmdlet [Revoke-AzureADUserAllRefreshToken](https://docs.microsoft.com/powershell/module/azuread/revoke-azureaduserallrefreshtoken?view=azureadps-2.0) or Microsoft Graph API [invalidateAllRefreshTokens](https://docs.microsoft.com/graph/api/user-invalidateallrefreshtokens?view=graph-rest-beta&tabs=http) to run the `RevokeAllRefreshToken` command.
239+
1. Wait for 10 minutes.
240+
241+
1. Retrieve the `RefreshToken` again.
242+
230243
- question: |
231244
How do I report issues with Azure AD B2C?
232245
answer: |
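Review bot: The second sentence of the answer (new line 234) reads as inverted: a token whose `refreshTokenIssuedTime` is greater than `refreshTokensValidFromDateTime` was issued after the revocation timestamp, so going by the field names it should be the token that remains valid, and a token issued before that timestamp (beyond the 5-minute tolerance) the one that is revoked. Please confirm the direction and state which timestamp is subtracted from which for the 5-minute comparison, because readers will use this sentence to judge how long a revoked refresh token can still be redeemed. The procedure also ends at "Retrieve the `RefreshToken` again" (new line 241) without saying what response indicates a revoked versus a still-valid token, the empty added line 240 splits the numbered list before the last step, and step 3 mentions a `RevokeAllRefreshToken` command that matches neither the cmdlet nor the Graph API named in the same sentence.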
