Description
Describe the bug
I am working on a feature to trigger revoking sessions for a user from all devices. The SignInSessionValidFromDateTime was reset, but the user could still get new access tokens using the refresh token.
Note: this is for a B2C tenant. I tried to use "Revoke sessions" from the Azure portal and it works as expected. I am wondering if the portal is doing more than just resetting the SignInSessionsValidFromDateTime value.
Expected behavior
The user logged in from other browsers should not refresh the access token once the existing access token expires. As with the Azure portal, when "Revoke sessions" is triggered for a user, all existing refresh tokens become invalid.
How to reproduce
- Log in as a user in a browser.
- Run the program to revoke sessions; it returns a 200 response.

```csharp
var response = await _graphClient.Users[userId].RevokeSignInSessions.PostAsRevokeSignInSessionsPostResponseAsync();
```

- Issue: the user keeps getting new access tokens once the previous one expires.
SDK Version
No response
Latest version known to work for scenario above?
No response
Known Workarounds
No response
Debug output
### Configuration
_No response_
### Other information
_No response_