Bypass the account selection screen during logout.

Prem kumar Ayyappan 26 Reputation points
2022-03-04T11:16:23.533+00:00

I am using @azure/msal-angular v2 and Angular v13. I have a business need to log out the user based on the scenario. So, if the user is logged in and has no authority to proceed, I will programmatically trigger the logoutRedirect() function:

MsalService.instance.logoutRedirect({
    account,
    postLogoutRedirectUri: 'http://localhost:4200/test',
    onRedirectNavigate: () => {
        return true;
    }
});

Expected behavior: The user should be logged out based on the details passed to logoutRedirect (no user selection screen is necessary).

Actual Behavior: It shows the account selection screen and the user interaction is necessary to sign-out.

Microsoft Entra ID

Accepted answer
  1. AmanpreetSingh-MSFT 56,311 Reputation points
    2022-03-04T16:32:28.84+00:00

    Hi @AdeRB • Thank you for reaching out.

    As of today, bypassing the account selection prompt is not officially supported with the v2.0 endpoint during logout (https://login.microsoftonline.com/common/oauth2/v2.0/logout) because this is still in the testing phase and official documentation will be published in the near future.

    You can use V1 endpoint for sign-out requests, which supports bypassing the account selection prompt. Below are the required V1 endpoints for this purpose:

    If you want to use V2 logout endpoint, you can use the below approach but keep in mind that this is in the testing phase and is not officially suggested/documented by Microsoft as of now.

    Please refer to the login_hint optional claim here: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims#v10-and-v20-optional-claims-set You can add this claim by updating the app manifest as mentioned below:

    "optionalClaims": {
        "idToken": [
            {
                "name": "login_hint",
                "source": null,
                "essential": false,
                "additionalProperties": []
            }
        ]
    }

    You should get the login_hint claim in the token as shown below:

    [Image: 130771-image.png]

    If you are not getting this claim in the token, make sure that you use openid and profile scope in the sign-in request. Store this claim in your application and pass it as logout_hint parameter in your sign-out request.

    3 people found this answer helpful.
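
The approach from the accepted answer, as an added example that is not part of the original thread or Microsoft's code: it reads the login_hint claim from an ID token and passes it as logout_hint to the v2.0 logout endpoint quoted above. The function names and the sample tokens are constructed for illustration, and the decoding step reads claims without verifying the token's signature.

```javascript
// Added example; helper names and sample tokens are hypothetical.
const LOGOUT_ENDPOINT = 'https://login.microsoftonline.com/common/oauth2/v2.0/logout'; // from the answer

// Decode the payload segment of a compact JWT. This only reads claims; it does
// not verify the signature, so use it on a token the auth library already validated.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Returns the login_hint optional claim, or null when the token does not carry it
// (per the answer: check the manifest entry and the openid/profile scopes).
function extractLoginHint(idToken) {
  const hint = decodeJwtPayload(idToken).login_hint;
  return typeof hint === 'string' && hint.length > 0 ? hint : null;
}

// Build the sign-out URL. Without a hint the URL is still usable, but the
// account selection screen described in the question will appear.
function buildLogoutUrl(idToken, postLogoutRedirectUri) {
  const url = new URL(LOGOUT_ENDPOINT);
  url.searchParams.set('post_logout_redirect_uri', postLogoutRedirectUri);
  const hint = extractLoginHint(idToken);
  if (hint !== null) url.searchParams.set('logout_hint', hint);
  return url.toString();
}

// Constructed, unsigned sample tokens so the example runs offline.
function sampleIdToken(claims) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc(claims)}.sig`;
}

const withHint = sampleIdToken({ sub: 'constructed-user', login_hint: 'O.constructed-hint-value' });
const withoutHint = sampleIdToken({ sub: 'constructed-user' });
console.log(buildLogoutUrl(withHint, 'http://localhost:4200/test'));
console.log(buildLogoutUrl(withoutHint, 'http://localhost:4200/test'));
```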

1 additional answer

  1. Sarath 1 Reputation point
    2022-05-16T06:45:54.737+00:00

    Hi @Prem kumar Ayyappan, @AmanpreetSingh-MSFT ... How did you do the V1 endpoint redirection? Can you please specify how it can be configured?
