Revoke-MgUserSign fails

[davehope]

Apologies If I'm raising this in the wrong place, or an reporting a non-issue (New to MSGraph)

The Revoke-MgUserSign cmdlet (which I take as the equivalent to Revoke-AzureADUserAllRefreshToken ) consistently fails.

The application has User.ReadWrite.All, Directory.ReadWrite.All API permissions.

Connect-MgGraph -ClientID $cfgMGAppId -TenantId $cfgAzTenantId -CertificateName $cfgMgCertSubject
Revoke-MgUserSign -UserId xxxxx
Revoke-MgUserSign : Object reference not set to an instance of an object.
At line:1 char:1
+ Revoke-MgUserSign -UserId xxxxx
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Revoke-MgUserSign_Revoke1], NullReferenceException
    + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Cmdlets.RevokeMgUserSign_Revoke1

Inspecting the HTTP traffic (authorization header removed)

POST https://graph.microsoft.com/v1.0/users/xxxxx/microsoft.graph.revokeSignInSessions HTTP/1.1
SdkVersion: Graph-powershell-Microsoft.Graph.Authentication-1.6.0, Graph-dotnet-1.25.1
FeatureFlag: 00000047
Cache-Control: no-store, no-cache
Accept-Encoding: gzip
Host: graph.microsoft.com
Content-Length: 0

The response (request-id's removed):

HTTP/1.1 200 OK
Date: Tue, 31 Aug 2021 12:14:58 GMT
Content-Type: application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8
Cache-Control: no-cache
Location: https://graph.microsoft.com
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"UK South","Slice":"E","Ring":"3","ScaleUnit":"002","RoleInstance":"LO1PEPF00000279"}}
x-ms-resource-unit: 1
OData-Version: 4.0
Content-Length: 88

{"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#Edm.Boolean","value":true}

Issue occurs regardless of whether UserPrincipalName or Id is used.

I notice the POST URL differs from that in the documentation:
https://docs.microsoft.com/en-us/graph/api/user-revokesigninsessions?view=graph-rest-1.0&tabs=http

Perhaps /v1.0/users/xxxxx/microsoft.graph.revokeSignInSessions should be /v1.0/users/xxxxx/revokeSignInSessions
AB#10954

[peombwa]

Thanks for opening this. This is indeed a bug with the command. We will investigate and fix it in our next releases.

[peombwa]

Upon further investigation, I can confirm that this is an issue with how the OpenAPI document that the SDK is generated from represents the response object of this operation.

@davehope, please note that the call succeeds, and a user's sign-in session is revoked even though the command throws an error. A workaround is to use Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/users/$UserId/microsoft.graph.revokeSignInSessions" -Method POST -Body @{} to revoke a user's sign-in session as we work on a fix.

Will be fixed by microsoftgraph/microsoft-graph-devx-api#726.