MSAL - Logging Out via Python Desktop App

Sean DeNigris 1 Reputation point
2022-11-07T16:27:43.467+00:00

I'm trying to log out my MSAL desktop app.

I tried to adapt this SO answer from JS to Python, and came up with:

   account = app.get_accounts()[0]  
   app.remove_account(account)  

Then following the docs, I opened in the system browser:

https://login.microsoftonline.com/common/oauth2/v2.0/logout

And received confirmation that an account was logged out.

But after both steps, Graph API queries are still succeeding.

I also found this AzureAD GitHub issue which seemed to verify that the above should work, but IIUC they are relying on clearing web app session data as a guard. What I'm concerned about (and maybe I'm being paranoid) is that my access token continues to work even after logging out.

NB this is cross-posted from StackOverflow because I wasn't aware of this forum. Sorry if that is against the rules and if so please let me know.


1 answer

  1. James Hamil 21,546 Reputation points Microsoft Employee
    2022-11-10T22:05:42.593+00:00

    Hi @19133679, you may have to revoke the token manually on sign out. Please see this thread. This is probably due to the access and refresh token:

    "If the user has granted access to the application, Azure AD will issue an access token and a refresh token for the resource.

    The lifetime of the access token is usually about 1 hour. During its lifetime, even if the application is deleted, it is still available, but you will not be able to use the refresh token to obtain the access token again.

    If you need to revoke authorization during the lifetime of the access token, please see: here and here."

    Please let me know if this works.

    Best,
    James
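
The behaviour discussed in this thread, as an added example that is not part of the original question or answer: removing accounts only clears MSAL's local cache, so the app also has to discard the access token it is holding, which otherwise stays usable until it expires. `GraphSession` is a hypothetical wrapper, and `app` is assumed to be an `msal.PublicClientApplication`.

```python
import time


class GraphSession:
    """Holds the current access token for a desktop app built on MSAL Python.

    `app` is assumed to be an msal.PublicClientApplication; only its
    get_accounts() and remove_account() methods are used here.
    """

    def __init__(self, app, clock=time.time):
        self._app = app
        self._clock = clock          # injectable so expiry can be tested
        self._token = None
        self._expires_at = 0.0

    def store(self, result):
        """Keep the result dict returned by an MSAL acquire_token_* call."""
        if "access_token" not in result:
            raise ValueError(result.get("error_description", "no access token"))
        self._token = result["access_token"]
        self._expires_at = self._clock() + int(result["expires_in"])

    def authorization_header(self):
        """Return the Graph request header, or None once signed out or expired."""
        if self._token is None or self._clock() >= self._expires_at:
            return None
        return {"Authorization": "Bearer " + self._token}

    def sign_out(self):
        """Forget every cached account and the in-memory access token.

        Returns the number of seconds the discarded token had left before
        expiry. This is local cleanup only: it does not shorten the lifetime
        of a token that was already issued.
        """
        for account in self._app.get_accounts():
            self._app.remove_account(account)
        remaining = max(0.0, self._expires_at - self._clock())
        self._token = None
        self._expires_at = 0.0
        return remaining
```

Pass `store()` the dict returned by `acquire_token_interactive` or `acquire_token_silent`, and build Graph requests only from `authorization_header()` so that nothing in the app can reuse the token after `sign_out()`.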