Hi @Kunal Dhawan,
Your understanding is correct, but when you log out of a B2C application by calling MSAL's logout() API, MSAL.js will clear the browser storage of your user's tokens or clear the application's cookies, which is not sufficient to sign the user out of the B2C application.
To sign out the user, redirect the user to the end_session_endpoint obtained from the OpenID metadata, which will clear the user's single sign-on state with B2C.
GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/logout?post_logout_redirect_uri=https://www.jwt.ms
If you are still facing issues, an idea would be to redirect using &prompt=login in your auth URL, which will revoke your login request.
- Is Azure AD B2C considered social sign-in (federated entity), or is it considered a local account like Azure AD?
B2C is not considered social sign-in, and if users are signing in to B2C with local accounts, then the user's session will be cleared if you redirect the user to the end_session_endpoint.
- I have read here that it does not assume logout from a social IdP, but I am not using anything other than B2C. In this GitHub issue, it is also mentioned that this is expected behaviour, but how do I log out properly so that the user is asked for credentials again? https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/2547
Answered above.
- After pressing logout, if the user is signed out from B2C, as the app executes the Unauthenticated template instead of Authenticated, how is it able to sign in again without any credentials?
Unfortunately, calling the logout directly in B2C does not actually sign out, but it worked for Azure AD because there is a prompt for the user to sign out, which breaks the single sign-out process of B2C, and the user never gets logged out from B2C.
Hope this will help.
Thanks,
Shweta
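The end_session_endpoint redirect described in the answer, as an added example (not code from the original answer or from MSAL.js): it resolves the endpoint from the OpenID metadata document, builds the same logout GET shown above, and checks that the endpoint really points at the tenant's b2clogin.com host before redirecting. The tenant name "contoso", the policy "b2c_1_signin" and the metadata document are constructed placeholders.

```javascript
// Added example, not part of the original answer. "contoso" and "b2c_1_signin"
// are placeholder tenant and policy names; the metadata below is constructed.

// Constructed sample of the B2C OpenID configuration document, normally fetched from
// https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/v2.0/.well-known/openid-configuration
const SAMPLE_OPENID_METADATA = JSON.stringify({
  issuer: "https://contoso.b2clogin.com/00000000-0000-0000-0000-000000000000/v2.0/",
  authorization_endpoint:
    "https://contoso.b2clogin.com/contoso.onmicrosoft.com/b2c_1_signin/oauth2/v2.0/authorize",
  end_session_endpoint:
    "https://contoso.b2clogin.com/contoso.onmicrosoft.com/b2c_1_signin/oauth2/v2.0/logout",
});

// Append post_logout_redirect_uri; URLSearchParams percent-encodes the value for us.
function buildLogoutUrl(endSessionEndpoint, postLogoutRedirectUri) {
  const url = new URL(endSessionEndpoint);
  url.searchParams.set("post_logout_redirect_uri", postLogoutRedirectUri);
  return url.toString();
}

// The logout GET from the answer, assembled from tenant and policy names.
function b2cLogoutUrlFromTemplate(tenant, policy, postLogoutRedirectUri) {
  const endpoint =
    `https://${tenant}.b2clogin.com/${tenant}.onmicrosoft.com/${policy}/oauth2/v2.0/logout`;
  return buildLogoutUrl(endpoint, postLogoutRedirectUri);
}

// Prefer the endpoint advertised in the metadata, but only accept an https URL on the
// expected tenant host so a tampered document cannot send the user elsewhere.
function endSessionEndpointFromMetadata(metadataJson, tenant) {
  const doc = JSON.parse(metadataJson);
  const endpoint = doc.end_session_endpoint;
  if (typeof endpoint !== "string") throw new Error("no end_session_endpoint in metadata");
  const parsed = new URL(endpoint);
  if (parsed.protocol !== "https:" || parsed.hostname !== `${tenant}.b2clogin.com`) {
    throw new Error(`unexpected end_session_endpoint: ${endpoint}`);
  }
  return endpoint;
}

// Browser usage: clear local MSAL state first (MSAL's logout() only does that part),
// then leave the page for B2C so the single sign-on session is cleared as well.
function signOutFromB2C(tenant, metadataJson, postLogoutRedirectUri) {
  const endpoint = endSessionEndpointFromMetadata(metadataJson, tenant);
  const target = buildLogoutUrl(endpoint, postLogoutRedirectUri);
  if (typeof window !== "undefined") window.location.assign(target);
  return target;
}
```

In the application, call signOutFromB2C after MSAL's logout() so that both the local token cache and the B2C session are cleared.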