Chris King

Reputation: 21

Azure AD B2C won't logout Facebook

When using Facebook as the IDP for Azure AD B2C, it appears that B2C isn't using the FB SDK correctly.

Using FB's guidelines found here, I would expect scenario 2 and 3 below to log out of Facebook:

  1. A person logs into Facebook, then logs into your app. Upon logging out from your app, the person is still logged into Facebook.
  2. A person logs into your app and into Facebook as part of your app's login flow. Upon logging out from your app, the user is also logged out of Facebook.
  3. A person logs into another app and into Facebook as part of the other app's login flow, then logs into your app. Upon logging out from either app, the user is logged out of Facebook.

When we log out of our application, Facebook is staying logged in, which is NOT the desired behaviour.

A similar question was asked previously on TechNet.

Is there a way to make this happen, or is this feature on the B2C roadmap?

Upvotes: 2

Views: 337

Answers (1)

Saca

Reputation: 10656

Azure AD B2C does not support signing you out from the external identity provider, be it Facebook, Google or a custom OIDC/SAML/WS-Fed identity provider. It only signs you out from Azure AD B2C.

Currently, Azure AD B2C does not disambiguate whether you were already signed in to the external identity provider or signed in to it as part of signing in to Azure AD B2C, so it can only either always keep you signed in or always sign you out. The latter option is rather invasive, thus Azure AD B2C opts for keeping you signed in, which is in line with Facebook's #1 guideline.

You can request support for this more advanced detection and sign out logic via the Azure AD B2C feedback forum.

Note: This question is similar to: Azure AD B2C OpenID Connect single logout with WS-Federation and SAML claims provider

Upvotes: 1
