Hi @AdeRB • Thank you for reaching out.
As of today, bypassing the account selection prompt is not officially supported with the v2.0 endpoint during logout (https://login.microsoftonline.com/common/oauth2/v2.0/logout) because this is still in the testing phase and official documentation will be published in the near future.
You can use the V1 endpoint for sign-out requests, which supports bypassing the account selection prompt. Below are the required V1 endpoints for this purpose:
- Well Known V1 endpoint: https://login.microsoftonline.com/common/.well-known/openid-configuration
- Logout V1 Endpoint: https://login.microsoftonline.com/common/oauth2/logout
- Sample Logout request: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https://portal.azure.com:443/
If you want to use the V2 logout endpoint, you can use the approach below, but keep in mind that this is in the testing phase and is not officially suggested/documented by Microsoft as of now.
Please refer to the login_hint optional claim here: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims#v10-and-v20-optional-claims-set. You can add this claim by updating the app manifest as mentioned below:
```json
"optionalClaims": {
    "idToken": [
        {
            "name": "login_hint",
            "source": null,
            "essential": false,
            "additionalProperties": []
        }
    ]
}
```
You should get the login_hint claim in the token as shown below:
If you are not getting this claim in the token, make sure that you use the openid and profile scopes in the sign-in request. Store this claim in your application and pass it as the logout_hint parameter in your sign-out request.
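The flow described in the answer above, as an added example that is not part of the original answer or Microsoft's own code: read the login_hint claim from an ID token the application has already validated, then pass it as logout_hint on the V2 logout endpoint. The function names and the sample token are constructed for illustration, and the redirect URI is the one from the sample logout request.

```javascript
// Added example. Helper names and the sample token are constructed.
const V2_LOGOUT = "https://login.microsoftonline.com/common/oauth2/v2.0/logout";

// Decode the payload segment of a compact JWT. This does NOT verify the
// signature: it assumes the ID token was already validated at sign-in by
// the application's OpenID Connect library.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Return the login_hint optional claim, or null when it is absent
// (for example, the manifest was not updated or the scopes were missing).
function extractLoginHint(idToken) {
  const hint = decodeJwtPayload(idToken).login_hint;
  return typeof hint === "string" && hint.length > 0 ? hint : null;
}

// Build the sign-out URL. URLSearchParams percent-encodes both values, so
// the opaque hint and the redirect URI cannot break out of their parameters.
function buildLogoutUrl(loginHint, postLogoutRedirectUri) {
  const url = new URL(V2_LOGOUT);
  url.searchParams.set("post_logout_redirect_uri", postLogoutRedirectUri);
  // Without a hint the request is still valid; the account picker is shown.
  if (loginHint) url.searchParams.set("logout_hint", loginHint);
  return url.toString();
}

// Constructed, unsigned sample token so the example runs offline.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.constructed`;
}

const sampleToken = makeSampleToken({
  sub: "constructed-subject",
  login_hint: "O.constructed-opaque-hint", // constructed value
});
const storedHint = extractLoginHint(sampleToken); // store this at sign-in
console.log(buildLogoutUrl(storedHint, "https://portal.azure.com:443/"));
```

Treat the stored hint as session data tied to the signed-in user and discard it after sign-out.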