Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

MSAL Angular v2: Logout with ID Token

See original GitHub issue

Core Library

@azure/msal-browser

Core Library Version

2.14.1

Wrapper Library

@azure/msal-angular

Wrapper Library Version

2.0.0-beta.5

Description

In Azure AD B2C, one can enable the option to require the ID Token for logouts. This option does not seem to be supported out of the box by the MSAL Angular (v2) wrapper.

Are there any plans to support this feature before coming out of beta? I probably could include the ID token myself, if I replicate the whole MSAL Angular Interceptor logic where the acquireTokenSilent() call is made, but looking at the code it looks a bit cumbersome. The EndSessionRequest looks like it already supports the idTokenHint.

MSAL Configuration

No response

Relevant Code Snippets

logout(): Observable<void> {
  return this.msal.logout({idTokenHint: "missing-token-here"});
}

Identity Provider

Azure B2C Basic Policy

Source

External (Customer)

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:13 (5 by maintainers)

github_iconTop GitHub Comments

1reaction
jasonnuttercommented, Jul 28, 2022

#5036 will expose the raw id token, which applications can pass to the logout APIs if desired (the library will not automatically include it as id_token_hint if an account is passed).

1reaction
svrooijcommented, May 6, 2021

We are using this code to logout, and it picks up the id token in the logout request (I always assumed at least):

// Select account you want to signout, first one in this case
var account = this.msal.instance.getAllAccounts()[0];
// Unset active account (we are using multiple accounts in our app, not sure if this is needed in your case).
this.msal.instance.setActiveAccount(undefined);
// Signout (with account set)
this.msal.instance.logout({ account: account, postLogoutRedirectUri: '...' });
Read more comments on GitHub >

github_iconTop Results From Across the Web

Single-page application: Sign-in and Sign-out - Microsoft Learn
If your application already has access to an authenticated user context or ID token, you can skip the login step, and directly acquire ......
Read more >
Bypass the account selection screen while sign out(log out ...
To do this, first you have to setup the login_hint optional claim in the ID token. That needs to be done on the...
Read more >
Azure AD authentication in angular using MSAL angular v2 ...
I configure MSAL to automatically attach the access token for requests against the API using protectedResourceMap . Note that I pass in the ......
Read more >
@azure/msal-browser | microsoft-authentication-libraries-for-js
idTokenHint - ID Token used by B2C to validate logout if required by the policy; onRedirectNavigate - Callback that will be passed the...
Read more >
Deep dive on using MSAL.js to integrate Angular single-page ...
Integrate an Angular single page app with the Microsoft identity platform. ... and acquiring tokens with MSAL Angular Interceptor.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

BrowserAuthError: interaction_in_progress: Interaction is currently in progress.

Next page

ClientAuthError: access_token_entity_null: Access token entity is null, please check logs and cache to ensure a valid access