aad oauth2grant remove¶
Remove specified service principal OAuth2 permissions
Usage¶
m365 aad oauth2grant remove [options]
Options¶
-i, --grantId <grantId>objectIdof OAuth2 permission grant to remove--confirm- Do not prompt for confirmation before removing OAuth2 permission grant
-h, --help [help]- Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are
options,examples,remarks,response,full. Default isfull. --query [query]- JMESPath query string. See http://jmespath.org/ for more information and examples
-o, --output [output]- Output type.
json,text,csv. Defaultjson --verbose- Runs command with verbose logging
--debug- Runs command with debug logging
Remarks¶
Before you can remove service principal's OAuth2 permissions, you need to get the objectId of the permissions grant to remove. You can retrieve it using the aad oauth2grant list command.
If the objectId listed when using the aad oauth2grant list command has a minus sign ('-') prefix, you may receive an error indicating --grantId is missing. To resolve this issue simply escape the leading '-'.
m365 aad oauth2grant remove --grantId \\-Zc1JRY8REeLxmXz5KtixAYU3Q6noCBPlhwGiX7pxmU
Examples¶
Remove the OAuth2 permission grant with ID YgA60KYa4UOPSdc-lpxYEnQkr8KVLDpCsOXkiV8i-ek
m365 aad oauth2grant remove --grantId YgA60KYa4UOPSdc-lpxYEnQkr8KVLDpCsOXkiV8i-ek
Remove the OAuth2 permission grant with ID YgA60KYa4UOPSdc-lpxYEnQkr8KVLDpCsOXkiV8i-ek without being asked for confirmation
m365 aad oauth2grant remove --grantId YgA60KYa4UOPSdc-lpxYEnQkr8KVLDpCsOXkiV8i-ek --confirm
More information¶
- Application and service principal objects in Azure Active Directory (Azure AD): https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-objects
- Delete a delegated permission grant (oAuth2PermissionGrant): https://docs.microsoft.com/en-us/graph/api/oauth2permissiongrant-delete?view=graph-rest-1.0