This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 19%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKR%3C/text%3E%3C/svg%3E)
Configuration
App name: AppAuth Demo App
Version: 'net.openid:appauth:0.11.1'
Integration: Android native java
Identity provider: Azure AD
Description:
I am working on integrating the Android App with the Microsoft Azure AD for user authentication and as part this effort struck with sign out redirection. The code used my application is almost as the AppAuth Demo app code.
For simplicity of debugging the problem, I started using AppAuth Demo (Android Native Java) app to test and debug the redirection issue of sign out user from Microsoft Azure AD. The signin functionality is working as expected and after successful signin AppAuth library redirects to URI provided in the app. When user clicks on signout, the Microsoft Azure AD dispalys "You signed out of your account. It's a good idead to close all bwoser windows" , but not automatically redirecting to the end session redirect uri configured in the demo app (appauth.demo-app.io://oauth2redirect). Same redirect URIs are used in redirect_uri and end_session_redirect_uri as shown below:
{
"client_id": "a1a3cf2f-f979-3b9f-bbfb-121743895b45",
"redirect_uri": "net.openid.appauthdemo://oauth2redirect",
"end_session_redirect_uri": "net.openid.appauthdemo://oauth2redirect",
"authorization_scope": "openid email profile",
"discovery_uri": "",
"authorization_endpoint_uri": "https://login.microsoftonline.com/<>/oauth2/v2.0/authorize",
"token_endpoint_uri": "https://login.microsoftonline.com/<>/oauth2/v2.0/token",
"registration_endpoint_uri": "",
"user_info_endpoint_uri": "https://graph.microsoft.com/oidc/userinfo",
"end_session_endpoint":"https://login.microsoftonline.com/<>/oauth2/v2.0/logout",
"https_required": true
}
When I debuuged the code, on sign out the AppAuth demo app sends the below request to Azure AD:
https://login.microsoftonline.com/<>/oauth2/v2.0/logout?id_token_hint=<>&state=TsKARQi5-HtTtVWanpsOIg&post_logout_redirect_uri=net.openid.appauthdemo%3A%2F%2Foauth2redirect
I am struggling with this issue for multiple days, but not able to find any solution to resolve this poblem. Am I missing any configuration in Azure AD, someone's help is much appreaciated to solve this problem.
Thank you very much in advance.
The same question is posted on here too:
Thank you for posting your query on Microsoft Q&A, please be informed that I am reviewing the above query and will share the inputs.
Kindly share the following details:
Thanks,
Akshay Kaushik
@Akshay-MSFT - I am using the Open ID App Auth library for Android, but not the Microsoft SDK. The AppAuth library and its demo source code be found @https://github.com/openid/AppAuth-Android
If you need the full client ID, tenant and other details, I will be able to share it in a email.
Thank you for sharing the details and screenshots.
As per screenshot since your application registration have only net.openid.appauthdemo://oauth2redirect URL in the redirect URI hence even the logout request are being sent to the same.
I would recommend you to add appauth.demo-app.io://oauth2redirect to post_logout_redirect_uri, as described here - it must registered in the redirect_uris as well:
Or if you consider the logoutUrl as described in the Manifest - that is only used when you perform a Single-sign-out of all web apps, as described here.
Also for any application dev scenario I would recommend to use MSAL library with your app for integrating with Microsoft Entra ID/Azure AD and then register via App registration
MSAL.NET (Microsoft.Identity.Client) is an authentication library that enables you to acquire tokens from Azure Active Directory (Azure AD), to access protected web APIs (Microsoft APIs or applications registered with Azure AD). MSAL.NET is available on several .NET platforms (Desktop, Universal Windows Platform, MAUI, Xamarin Android, Xamarin iOS, Windows 8.1, and .NET Core).
Please do let me know if you have any further queries.
Thanks,
Akshay Kaushik
Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.
@Akshay-MSFT As per your request, I have added the addtional end session redirect URI and also registered in the Azure AD, but this is not even solving the problem.
Below is the screenshot of the redirect URIs registered in Azure AD:
Android Manifest screenshot:
URLs configured in app:
Video recording of the issue below.
https://youtube.com/shorts/zChaRT9xfl0
After the successful logout, the Azure AD SSO page is not automatically redirecting to the app and asking the user close the browser and closing the broweser results in request cancelled.
It would be great if you can try the AppAuth Demo App and provide solution to unblock the issue currently I am facing it.
Thank you.
Thanks for your response, seems like you have not validated the entire solution hence sharing the 2nd section again:
Also for any application dev scenario I would recommend to use MSAL library with your app for integrating with Microsoft Entra ID/Azure AD and then register via App registration
MSAL.NET (Microsoft.Identity.Client) is an authentication library that enables you to acquire tokens from Azure Active Directory (Azure AD), to access protected web APIs (Microsoft APIs or applications registered with Azure AD). MSAL.NET is available on several .NET platforms (Desktop, Universal Windows Platform, MAUI, Xamarin Android, Xamarin iOS, Windows 8.1, and .NET Core).
I would recommend to use MSAL integration with the app as we don't own AppAuth library.
Thanks,
Akshay Kaushik
Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.
@Akshay-MSFT We looking at developing a solution which across different IDPs based on the configuration, using MSFT library will limit the solution to MSFT only and I can't use the MSFT SDK in my solution at this time.
The Azure AD behavior shouldn't be tied to MSFT library only. My question is why does the Azure AD can redirect to app after successful login, but not on logout? Also, note that if I provide the https URL, Azure Azure AD can redirect to it, but not with Android App URL.
Kindly send an email at "azcommunity@microsoft.com",
with subject line as : Attn | Akshay | Microsoft Azure AD - Azure AD signout redirection not working in Android App
Body containing the Q&A query link: https://learn.microsoft.com/en-us/answers/questions/1333274/microsoft-azure-ad-azure-ad-signout-redirection-no
Subscription ID of your tenant
Thanks,
Akshay Kaushik
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 57.99999999999999%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
What was the solution to this issue? Does MSAL support SignOut flow to sign the user out of the browser from mobile app?