Skip to main content

entra oauth2grant remove

Remove specified service principal OAuth2 permissions

Usage

m365 entra oauth2grant remove [options]

Options

-i, --grantId <grantId>

objectId of OAuth2 permission grant to remove.

-f, --force

Do not prompt for confirmation before removing OAuth2 permission grant.

-h, --help [help]

Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are options, examples, remarks, permissions, response, full. Default is options.

--query [query]

JMESPath query string. See http://jmespath.org/ for more information and examples.

-o, --output [output]

Output type. json, text, csv, md, none. Default json.

--verbose

Runs command with verbose logging.

--debug

Runs command with debug logging.

Remarks

Before you can remove service principal's OAuth2 permissions, you need to get the objectId of the permissions grant to remove. You can retrieve it using the entra oauth2grant list command.

If the objectId listed when using the entra oauth2grant list command has a minus sign ('-') prefix, you may receive an error indicating --grantId is missing. To resolve this issue simply escape the leading '-'.

m365 entra oauth2grant remove --grantId \\-Zc1JRY8REeLxmXz5KtixAYU3Q6noCBPlhwGiX7pxmU

Permissions

ResourcePermissions
Microsoft GraphDelegatedPermissionGrant.ReadWrite.All

Examples

Remove the OAuth2 permission grant with the specified ID.

m365 entra oauth2grant remove --grantId YgA60KYa4UOPSdc-lpxYEnQkr8KVLDpCsOXkiV8i-ek

Remove the OAuth2 permission grant with the specified ID without being asked for confirmation

m365 entra oauth2grant remove --grantId YgA60KYa4UOPSdc-lpxYEnQkr8KVLDpCsOXkiV8i-ek --force

Response

The command won't return a response on success.

More information