MSAL - Logging Out via Python Desktop App

Sean DeNigris 1 Reputation point

I'm trying to log out my MSAL desktop app 5

I tried to adapt this SO answer 1 from JS to Python, and came up with:

   account = app.get_accounts()[0]  

Then following the docs 2, I opened in the system browser:

And received confirmation that an account was logged out.

But after both steps, Graph API queries are still succeeding.

I also found this AzureAD GitHub issue 3 which seemed to verify that the above should work, but IIUC they are relying on clearing web app session data as a guard. What I'm concerned about (and maybe I'm being paranoid) is that my access token continues to work even after logging out.

NB this is cross-posted from StackOverflow 4 because I wasn't aware of this forum. Sorry if that is against the rules and if so please let me know.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,740 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. James Hamil 14,346 Reputation points Microsoft Employee

    Hi @19133679 , you may have revoke the token manually on sign out. Please see this thread. This is probably due to the access and refresh token:

    "If the user has granted access to the application, Azure AD will issue an access token and a refresh token for the resource.

    The lifetime of the access token is usually about 1 hour. During its lifetime, even if the application is deleted, it is still available, but you will not be able to use the refresh token to obtain the access token again.

    If you need to revoke authorization during the lifetime of the access token, please see: here and here."

    Please let me know if this works.