Change password - multiple accounts issue (Azure B2C custom policy and MSAL library)

Anonymous
2023-04-19T11:50:23.9833333+00:00

Hello. We are working on change password issues, we're using Azure B2C custom policy and MSAL library (msal-react) in our web app. We're faced with the following issue, after password change we noticed that we're getting two active user accounts from:

const { accounts } = useMsal();

As we do not support multiple accounts, it causes issues with the user logout flow. After logging out, the user can still see their profile because of a second active account. Please refer to the screenshot, which shows that the second account was created with a password-change homeAccountId.

We wanted to avoid creating a second account. Could you please suggest the appropriate workaround for this situation, and perhaps identify any areas we might be overlooking where the second account is being created? And if there are no workarounds to avoid creating a second active account, is it the correct way to handle the logout issue by logging out of all active accounts sequentially? Appreciate your help!

Microsoft Security Microsoft Entra Microsoft Entra External ID

1 answer

  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2023-04-24T11:41:28.5233333+00:00

    Hi @Anonymous ,

    Thanks for reaching out.

    It seems that you are experiencing an issue with multiple accounts being returned after a password change in Azure B2C. This can be caused by MSAL caching account objects and multiple accounts in Azure AD B2C.

    One workaround to avoid creating a second account is to clear the MSAL cache after a password change. This can be done using the clearCache() method:

    msalInstance.clearCache();

    Also, to ensure that you are selecting the correct account, you can filter the accounts returned by the useMsal() hook to only include the account with the homeAccountId that contains the sign-up/sign-in user-flow.

    const { accounts } = useMsal();
    // Name of the sign-up/sign-in policy; B2C embeds it in homeAccountId
    const signUpSignInPolicy = "<policyname>";
    // Keep only the account minted by that policy
    const account = accounts.find(a => a.homeAccountId.includes(signUpSignInPolicy));
    

    This will ensure that you are only selecting the account that was used for sign-up/sign-in and not any additional accounts that may have been created during the password change process.

    You can also use the removeAccount() method to remove the second account. You need to retrieve the account object for the second account using the accounts property first.

    const accounts = msalInstance.getAllAccounts();
    // Assumes the extra account is the second entry in cache order
    const secondAccount = accounts[1];
    msalInstance.removeAccount(secondAccount);
    
    

    If none of the above will work, you can log out of all active accounts sequentially.

    Hope this will help.

    Thanks,

    Shweta

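The policy-based selection and the "log out of every account" fallback from the answer above, as an added example that is not code from the question or the answer. It operates on plain objects shaped like MSAL's AccountInfo and on an msalInstance that only needs getAllAccounts() and logoutPopup(request), which @azure/msal-browser exposes, so it runs without importing MSAL. The tenant id, object id, policy names and username are constructed. It goes one step beyond the answer's String.includes() check: B2C lower-cases the policy name inside homeAccountId ("<objectId>-<policy>.<tenantId>"), so the policy is parsed out and compared exactly and case-insensitively, which also stops a policy such as "b2c_1a_signin" from matching "b2c_1a_signin_v2".

```javascript
// Added example (not from the original question or answer). Works on plain
// objects shaped like MSAL AccountInfo; "msalInstance" is any object exposing
// getAllAccounts() and logoutPopup(request) like @azure/msal-browser does.
// All ids, policy names and usernames below are constructed, not real.

// B2C builds homeAccountId as "<objectId>-<policy>.<tenantId>" and lower-cases
// the policy name, so the policy check must be case-insensitive.
const B2C_HOME_ID = /^([0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12})-([^.]+)\.(.+)$/i;

// Returns the policy name embedded in a B2C homeAccountId, or null when the
// id does not have the B2C shape (e.g. a plain Azure AD account).
function policyOfAccount(account) {
  const m = B2C_HOME_ID.exec(account.homeAccountId);
  return m ? m[2].toLowerCase() : null;
}

// Picks the account minted by the sign-up/sign-in policy. Exact match on the
// parsed policy rather than String.includes(), so "b2c_1a_signin" does not
// also select an account from "b2c_1a_signin_v2". Returns null if absent.
function selectSignInAccount(accounts, signUpSignInPolicy) {
  const wanted = signUpSignInPolicy.toLowerCase();
  return accounts.find((a) => policyOfAccount(a) === wanted) || null;
}

// Accounts for the same directory user (same localAccountId) minted by other
// policies, e.g. password change or profile edit: the "second account"
// entries that confuse a single-account app.
function staleAccounts(accounts, signUpSignInPolicy) {
  const primary = selectSignInAccount(accounts, signUpSignInPolicy);
  if (!primary) return [];
  return accounts.filter(
    (a) => a.localAccountId === primary.localAccountId &&
           a.homeAccountId !== primary.homeAccountId
  );
}

// Logs out every cached account one after another and resolves to the number
// of accounts signed out. logoutPopup is used because logoutRedirect navigates
// the page away on the first call, so only one account would be processed.
async function logoutAllAccounts(msalInstance, postLogoutRedirectUri) {
  const accounts = msalInstance.getAllAccounts();
  for (const account of accounts) {
    await msalInstance.logoutPopup({ account, postLogoutRedirectUri });
  }
  return accounts.length;
}

// Constructed sample data: one user, two policy-scoped MSAL accounts, which is
// what the cache looks like after a password change.
const TENANT_ID = "11111111-2222-3333-4444-555555555555";
const OBJECT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee";
const SAMPLE_ACCOUNTS = [
  { homeAccountId: `${OBJECT_ID}-b2c_1a_signup_signin.${TENANT_ID}`,
    localAccountId: OBJECT_ID, environment: "contoso.b2clogin.com",
    tenantId: TENANT_ID, username: "alice@example.com" },
  { homeAccountId: `${OBJECT_ID}-b2c_1a_passwordchange.${TENANT_ID}`,
    localAccountId: OBJECT_ID, environment: "contoso.b2clogin.com",
    tenantId: TENANT_ID, username: "alice@example.com" },
];

// Fake MSAL instance that records logout requests instead of opening a popup,
// so the sequential logout can be exercised offline.
function makeFakeMsal(accounts) {
  const loggedOut = [];
  return {
    loggedOut,
    getAllAccounts: () => accounts.slice(),
    logoutPopup: async (req) => { loggedOut.push(req.account.homeAccountId); },
  };
}
```

In a real msal-react app the accounts array comes from useMsal() and the instance from useMsal().instance; selectSignInAccount() is what you would hand to setActiveAccount(), and staleAccounts() tells you which entries the password-change policy left behind.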
