I can grant an API permission by:
OAuth2PermissionGrant ret = graphClient.oauth2PermissionGrants()
.buildRequest()
.post(oAuth2PermissionGrant);
AppRoleAssignment ret = graphClient.servicePrincipals(principalId)
.appRoleAssignments()
.buildRequest()
.post(appRoleAssignment);
But how can I revoke a permission? I'm using Java, if that matters.
Access which was granted can be revoked when that delegated permission grant is deleted. access tokens already in use will continue to be valid for their lifetime, but new access tokens will not be granted permissions.i.e;new ones are not generated.
GraphServiceClient graphClient = GraphServiceClient.builder()
.authenticationProvider(authProvider)
.buildClient();
graphClient.oauth2PermissionGrants("l5eW7x0ga0-WDOntXzHateQDNpSH5-lPk9HjD3Sarjk")
.buildRequest()
.delete();
Please check Delete oAuth2PermissionGrant (a delegated permission grant) - Microsoft Graph v1.0 | Microsoft Docs for details.
Similarly application roles can be deleted by using below code:
graphClient.users("{id}").appRoleAssignments("{id}")
.buildRequest()
.delete();
Please check Delete appRoleAssignment - Microsoft Graph v1.0 | Microsoft Docs
But it is recommended to delete app role assignments using the Delete appRoleAssignedTo method.
graphClient.servicePrincipals("{resource-SP-id}").appRoleAssignedTo("{appRoleAssignment-id}")
.buildRequest()
.delete();
References: Create oAuth2PermissionGrant (a delegated permission grant) - Microsoft Graph v1.0 | Microsoft Docs