Sample code for 30+ languages & platforms
Delphi DLL

Microsoft Graph Revoke OAuth2 Access Tokens

See more Microsoft Graph Examples

Invalidates all the refresh tokens issued to applications for a user (as well as session cookies in a user's browser), by resetting the signInSessionsValidFromDateTime user property to the current date-time. Typically, this operation is performed (by the user or an administrator) if the user has a lost or stolen device. This operation prevents access to the organization's data through applications on the device by requiring the user to sign in again to all applications that they have previously consented to, independent of device.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Http, HttpResponse, JsonObject;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
http: HCkHttp;
resp: HCkHttpResponse;
json: HCkJsonObject;

begin
success := False;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// Send a POST as shown below to invalidate all the refresh tokens issued to applications for a user (as well as session cookies in a user's browser),
// 

// 	POST /v1.0/me/revokeSignInSessions HTTP/1.1
// 	Host: graph.microsoft.com
//      Authorization: Bearer ACCESS_TOKEN
// 	Content-Type: application/json
// 	Content-Length: 0
// 
// or specify a specific user:
// 
// 	POST /v1.0/users/{id | userPrincipalName}/revokeSignInSessions HTTP/1.1
// 	Host: graph.microsoft.com
//      Authorization: Bearer ACCESS_TOKEN
// 	Content-Type: application/json
// 	Content-Length: 0

http := CkHttp_Create();

// Set the http.AuthToken property to automatically add the "Authorization: Bearer ACCESS_TOKEN" header
CkHttp_putAuthToken(http,'ACCESS_TOKEN');

// Send an empty JSON request body.
resp := CkHttpResponse_Create();
success := CkHttp_HttpStr(http,'POST','https://graph.microsoft.com/v1.0/me/revokeSignInSessions','','utf-8','application/json',resp);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

// A response code of 204 is success
if (CkHttpResponse_getStatusCode(resp) = 204) then
  begin
    Memo1.Lines.Add('Success.');
    Exit;
  end;

// We have an error...

// Load the JSON response.
json := CkJsonObject_Create();
CkJsonObject_Load(json,CkHttpResponse__bodyStr(resp));
CkJsonObject_putEmitCompact(json,False);

// Show the JSON response.
Memo1.Lines.Add(CkJsonObject__emit(json));

Memo1.Lines.Add('Response status code: ' + IntToStr(CkHttpResponse_getStatusCode(resp)));

CkHttp_Dispose(http);
CkHttpResponse_Dispose(resp);
CkJsonObject_Dispose(json);

end;