Add sign-out functionality to MSAL
Please do correct me if I am wrong, but I have not been able to find any sign-out functionality in MSAL.
It would be useful to have something like a PublicClientApplication.SignOut() method to perform the following tasks:
- Remove cached tokens in MSAL
- Send an OIDC sign-out request to the tenant, in our case AAD B2C, to complete the sign-out (see here)
- Remove all locally cached cookies, local storage entries, etc. from WKWebView belonging to the tenant hostname, in our case login.microsoftonline.com (see here), and of course the equivalent on other platforms
It might make sense to have two overloads:
- PublicClientApplication.SignOut(IUser user) to do this for a given cached IUser
- PublicClientApplication.SignOut() to do it for all
I’m not sure about the technical feasibility of the former; for our scenario the latter would be perfect because we are only supporting one signed-in user at a time.
Issue Analytics
- State:
- Created 5 years ago
- Reactions:12
- Comments:19 (8 by maintainers)
Top GitHub Comments
Yeah, as I said, MSAL libraries can’t control the browser cache. You do have some level of control over the interactive experience when using prompts - for example to force the user to re-enter their password, you can do:
A better way to deal with this requirement, however, would be via Conditional Access. You ask the tenant admin to require users to enter their passwords at least once every x hours / days. Details at https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime. From the developer perspective, when you call AcquireTokenSilent, MSAL will throw an MsalUiRequiredException and the user will have to re-enter their password.
Also, on the backlog we want to provide a good sign-out (which involves the service removing the cookie), and sign-out from device.
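Added example, not part of the thread and not the MSAL project's own code: a local sign-out that clears the MSAL token cache, plus a token request that falls back to a forced credential prompt when AcquireTokenSilent throws MsalUiRequiredException. It assumes the MSAL.NET 4.x API (IAccount, GetAccountsAsync, RemoveAsync, Prompt.ForceLogin) rather than the IUser API named in the issue; SessionHelper and its method names are hypothetical.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Hypothetical helper; assumes MSAL.NET 4.x.
public static class SessionHelper
{
    // Local sign-out: remove every cached account, and with it the cached
    // tokens, from the MSAL token cache. This does NOT clear the identity
    // provider's session cookie held by the browser or web view, so the
    // next interactive request may still sign the user in without a prompt.
    public static async Task SignOutLocallyAsync(IPublicClientApplication app)
    {
        // Copy to a list first: the cache is modified while we iterate.
        foreach (IAccount account in (await app.GetAccountsAsync()).ToList())
        {
            await app.RemoveAsync(account);
        }
    }

    // Try the cache first. If the cache is empty (after sign-out) or the
    // tenant's Conditional Access sign-in frequency has expired the session,
    // MSAL throws MsalUiRequiredException and we go interactive.
    public static async Task<AuthenticationResult> GetTokenAsync(
        IPublicClientApplication app, IEnumerable<string> scopes)
    {
        IAccount account = (await app.GetAccountsAsync()).FirstOrDefault();
        try
        {
            return await app.AcquireTokenSilent(scopes, account).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            // ForceLogin makes the service ask for credentials again even if
            // a browser session cookie survived the local sign-out.
            // On mobile platforms the builder also needs
            // WithParentActivityOrWindow(...), omitted here.
            return await app.AcquireTokenInteractive(scopes)
                .WithPrompt(Prompt.ForceLogin)
                .ExecuteAsync();
        }
    }
}
```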