Reputation: 51
We have an application that uses MSAL.js to authenticate customers to their Azure Active Directories via Active Directory B2C. In the future we will introduce other IDPs into the mix and connect them to B2C as well. B2C is configured via custom policies. SSO session scope is currently set to Tenant. The issue is that when a user logs out of the application (and we call MSAL.js logout) I can see their ID and access tokens are gone from the browser Local Storage, but they are still logged in to their Azure AD because of other apps using it. So the next time they log in to the app, B2C will not prompt them for credentials and will automatically sign them in as long as they have an active AAD session. I understand this is by design for B2C to support SSO, and we want SSO. However, is there a way for a new user with different credentials to log in fresh after the previous user logs out in the same browser session?
Upvotes: 0
Views: 1340
Reputation: 3495
Set the prompt param to login. E.g.:
GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/authorize?prompt=login
Or using MSAL.js:
// prompt: 'login' asks B2C to show the sign-in page even if an SSO session exists
var request = {
    prompt: 'login'
};
userAgentApplication.loginRedirect(request);
Upvotes: 1
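The following is an added example, not part of the original answer or of MSAL.js: it sends `prompt=login` only for the first sign-in after an explicit logout, so SSO keeps working in every other case. The storage key, function names and sample tenant values are hypothetical, and the storage object is assumed to behave like `window.sessionStorage`.

```javascript
// Hypothetical marker key; not an MSAL.js setting.
const FRESH_LOGIN_KEY = 'app.forceFreshLogin';

// Call just before userAgentApplication.logout(): records that the last user
// explicitly signed out, so the next sign-in must not reuse the SSO session.
function markSignedOut(storage) {
  storage.setItem(FRESH_LOGIN_KEY, '1');
}

// Build the request passed to loginRedirect(). prompt=login is added only
// after an explicit logout; otherwise the request is left unchanged.
function buildLoginRequest(storage, baseRequest = {}) {
  const request = { ...baseRequest };
  if (storage.getItem(FRESH_LOGIN_KEY) === '1') {
    request.prompt = 'login';
  }
  return request;
}

// Call once a sign-in has completed, so later sign-ins use SSO again.
function clearSignedOut(storage) {
  storage.removeItem(FRESH_LOGIN_KEY);
}

// The equivalent raw authorize URL (path shape taken from the answer above;
// the remaining query parameters are the standard OpenID Connect ones).
function buildAuthorizeUrl(cfg, request) {
  const { tenant, policy, clientId, redirectUri, scope, state, nonce } = cfg;
  const url = new URL(
    `https://${tenant}.b2clogin.com/${tenant}.onmicrosoft.com/${policy}/oauth2/v2.0/authorize`);
  const params = {
    client_id: clientId, response_type: 'id_token',
    redirect_uri: redirectUri, scope, state, nonce,
  };
  if (request.prompt) params.prompt = request.prompt;
  url.search = new URLSearchParams(params).toString();
  return url.toString();
}

// Minimal in-memory stand-in for sessionStorage so the example runs under Node.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

The marker is client-side state, so it only covers the shared-browser case described in the question and is lost if the storage is cleared.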