Am working with an Android application using the LiveSDK (https://github.com/liveservices/LiveSDK-for-Android) for accessing One Drive.

I have initialized the LiveConnectClient instance by obtaining the user consent with wl.signin, wl.basic, wl.skydriveupdate, wl.offlineaccess scopes. Even after the revoking the app permission in web, using the same LiveConnectClient instance the app can be able to perform create, delete and update operations on all the files and folders. I think this not what OAuth authentication is meant for.

Solution :

The permission for the application should be denied at the moment the user revokes the app permissions. Now even after an hour I can be able to access the drive with the same LiveConnectClient instance.