Microsoft Azure AD - Azure AD signout redirection not working in Android App

Kanagal Raj 0 Reputation points
2023-07-19T21:22:25.8466667+00:00

Configuration
App name: AppAuth Demo App
Version: 'net.openid:appauth:0.11.1'
Integration: Android native java
Identity provider: Azure AD

Description:
I am working on integrating the Android App with the Microsoft Azure AD for user authentication and as part this effort struck with sign out redirection. The code used my application is almost as the AppAuth Demo app code.

For simplicity of debugging the problem, I started using AppAuth Demo (Android Native Java) app to test and debug the redirection issue of sign out user from Microsoft Azure AD. The signin functionality is working as expected and after successful signin AppAuth library redirects to URI provided in the app. When user clicks on signout, the Microsoft Azure AD dispalys "You signed out of your account. It's a good idead to close all bwoser windows" , but not automatically redirecting to the end session redirect uri configured in the demo app (appauth.demo-app.io://oauth2redirect). Same redirect URIs are used in redirect_uri and end_session_redirect_uri as shown below:

{
"client_id": "a1a3cf2f-f979-3b9f-bbfb-121743895b45",
"redirect_uri": "net.openid.appauthdemo://oauth2redirect",
"end_session_redirect_uri": "net.openid.appauthdemo://oauth2redirect",
"authorization_scope": "openid email profile",
"discovery_uri": "",
"authorization_endpoint_uri": "https://login.microsoftonline.com/<>/oauth2/v2.0/authorize",
"token_endpoint_uri": "https://login.microsoftonline.com/<>/oauth2/v2.0/token",
"registration_endpoint_uri": "",
"user_info_endpoint_uri": "https://graph.microsoft.com/oidc/userinfo",
"end_session_endpoint":"https://login.microsoftonline.com/<>/oauth2/v2.0/logout",
"https_required": true
}

When I debuuged the code, on sign out the AppAuth demo app sends the below request to Azure AD:
https://login.microsoftonline.com/<>/oauth2/v2.0/logout?id_token_hint=<>&state=TsKARQi5-HtTtVWanpsOIg&post_logout_redirect_uri=net.openid.appauthdemo%3A%2F%2Foauth2redirect

I am struggling with this issue for multiple days, but not able to find any solution to resolve this poblem. Am I missing any configuration in Azure AD, someone's help is much appreaciated to solve this problem.

Thank you very much in advance.

Microsoft Intune Android
Microsoft Intune Android
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Android: An open-source mobile platform based on the Linux kernel, developed by Google, and maintained by the Open Handset Alliance.
220 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,741 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Akshay-MSFT 15,121 Reputation points Microsoft Employee
    2023-07-24T11:46:45.3733333+00:00

    @Kanagal Raj

    Thank you for sharing the details and screenshots.

    As per screenshot since your application registration have only net.openid.appauthdemo://oauth2redirect URL in the redirect URI hence even the logout request are being sent to the same.

    User's image

    I would recommend you to add appauth.demo-app.io://oauth2redirect to post_logout_redirect_uri, as described here - it must registered in the redirect_uris as well:

    User's image

    Or if you consider the logoutUrl as described in the Manifest - that is only used when you perform a Single-sign-out of all web apps, as described here.

    Also for any application dev scenario I would recommend to use MSAL library with your app for integrating with Microsoft Entra ID/Azure AD and then register via App registration

    MSAL.NET (Microsoft.Identity.Client) is an authentication library that enables you to acquire tokens from Azure Active Directory (Azure AD), to access protected web APIs (Microsoft APIs or applications registered with Azure AD). MSAL.NET is available on several .NET platforms (Desktop, Universal Windows Platform, MAUI, Xamarin Android, Xamarin iOS, Windows 8.1, and .NET Core).

    Please do let me know if you have any further queries.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.