Reputation: 167
I'm logging my user in through the pop-up of the Graph API, then asking for a token silently to get their calendar events. All is well, as it works as intended and I can work with the events.
My issue arises when the token for the logged-in user expires. As I understand it, it means the user is not logged in anymore, which can also be seen when I ask for a token silently, as it gets rejected with an error saying the user is not authenticated. So if I do a getAccount(), which returns the account of the currently logged-in user or null if not logged in, I never get null; I always get the last user who authenticated themselves, even if they aren't anymore.
Is that normal? How am I supposed to check if there's a signed-in user if this never returns null?
Upvotes: 0
Views: 312
Reputation: 354
When you call getAccount() you get the account(s) for the scope of your application. This is cached and is as such regardless of whether the user is currently logged in.
You did not specify which language you are using (granted, this is not relevant), so here is an example using JavaScript to illustrate my point.
From the tutorial at https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-javascript-spa#use-the-microsoft-authentication-library-msal-to-sign-in-the-user the following snippet shows a code flow illustrating the above:
After checking for a cached account a silent token acquisition is attempted. This only makes sense if the account is available in the application even before attempting to acquire a token.
Upvotes: 1
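The flow the answer describes, as an added example that is not part of the answer or the linked tutorial: the cached account only says who last signed in, and the silent token request is what shows whether the session is still valid. `resolveSession`, `isInteractionRequired` and `makeStubClient` are hypothetical names, the stub client and sample account are constructed so the code runs offline, and the list of error codes treated as "sign in again" is an assumption based on MSAL.js 1.x.

```javascript
// Added example. resolveSession, isInteractionRequired and makeStubClient are
// hypothetical names; `client` is any object with MSAL.js 1.x-style
// getAccount() and acquireTokenSilent().

// Assumption: these MSAL.js 1.x error codes mean "the user must sign in again".
const INTERACTION_CODES = ["interaction_required", "login_required", "consent_required"];

function isInteractionRequired(err) {
  return err.name === "InteractionRequiredAuthError" ||
    INTERACTION_CODES.includes(err.errorCode);
}

async function resolveSession(client, request) {
  const account = client.getAccount(); // cache lookup only, no network call
  if (!account) return { state: "signed-out", account: null, token: null };
  try {
    // The silent request is the actual liveness check for the session.
    const res = await client.acquireTokenSilent(request);
    return { state: "active", account, token: res.accessToken };
  } catch (err) {
    if (!isInteractionRequired(err)) throw err; // network or config errors are not "logged out"
    // Cached identity, no valid session: the UI should offer loginPopup/acquireTokenPopup.
    return { state: "expired", account, token: null };
  }
}

// Constructed stub standing in for the MSAL client so the example runs offline.
function makeStubClient({ cachedAccount, sessionValid }) {
  return {
    getAccount: () => cachedAccount,
    acquireTokenSilent: async () => {
      if (sessionValid) return { accessToken: "constructed-token" };
      const err = new Error("constructed: session expired");
      err.name = "InteractionRequiredAuthError";
      err.errorCode = "login_required";
      throw err;
    },
  };
}

// Constructed sample input.
const sampleRequest = { scopes: ["Calendars.Read"] };
const sampleAccount = { userName: "alice@example.com" };
resolveSession(makeStubClient({ cachedAccount: sampleAccount, sessionValid: false }), sampleRequest)
  .then((s) => console.log(s.state, s.account.userName)); // cached account, expired session
```

Treat only the "expired" state as a prompt to sign in again; other rejections are rethrown so that a network failure is not mistaken for a logged-out user.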