In Firefox, Azure AD B2C does not log out correctly when using Identity Server 4 as the OIDC

Hector Meneses @ BMG 25 Reputation points
2024-01-22T20:22:29.4766667+00:00

In Firefox, when I log out from my WASM app that uses Azure AD B2C with Identity Server 4 as the OIDC, the browser hangs on the logout page.

https://.../.../{userflow}/oauth2/v2.0/logout?post_logout_redirecturi={uri}

That URL generates an HTML page that then connects to the Identity Server Account/Logout page by creating an iframe and embedding the Account/Logout page in it.

However, in Firefox, this results in an NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION.

Even if I try to add my WASM site and the Azure AD B2C tenant URL https://{tenant}.b2clogin.com/ to my Identity Server 4 CSP frame-ancestors directive, I still have the same issue.

Microsoft Entra ID

1 answer

  1. James Hamil 26,991 Reputation points Microsoft Employee
    2024-01-23T20:54:24.8166667+00:00

    Hi @Hector Meneses @ BMG, another possible solution is to modify the logout URL to use the front-channel logout endpoint instead of the back-channel logout endpoint. The front-channel logout endpoint is designed to be used in an iframe and should not trigger a CSP violation. To use the front-channel logout endpoint, you can modify the logout URL to include the &x-client-SKU=MSAL.JS query parameter, like this:

    https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{userflow}/oauth2/v2.0/logout?post_logout_redirect_uri={uri}&x-client-SKU=MSAL.JS
    

    This should allow you to log out without encountering the CSP violation error in Firefox. Please let me know if you have any questions and I can help you further. If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James
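
Added example, not part of the question or the answer above: a simplified JavaScript model of how a browser evaluates `frame-ancestors` for the framed Account/Logout response, for checking the headers the identity server actually returns. It enforces every Content-Security-Policy header separately and requires every ancestor to match; the hosts `idsrv.example` and `contoso.b2clogin.com` are constructed placeholders, and a source without a scheme is assumed to take the framed page's scheme.

```javascript
// Simplified model of CSP frame-ancestors enforcement, not a full CSP parser:
// 'none', 'self', '*', scheme sources, host sources (scheme, "*." and port optional).
const DEFAULT_PORT = { 'http:': '80', 'https:': '443' };

// Source list of the first frame-ancestors directive in one policy, or null.
function frameAncestorsSources(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function sourceMatches(source, ancestor, self) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return ancestor.origin === self.origin;
  if (s === '*') return ancestor.protocol in DEFAULT_PORT;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return ancestor.protocol === s;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:\/*]+)(?::(\d+|\*))?(?:\/.*)?$/.exec(s);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (ancestor.protocol !== (scheme ? scheme + ':' : self.protocol)) return false;
  const hostOk = wildcard ? ancestor.hostname.endsWith('.' + host) : ancestor.hostname === host;
  const defaultPort = DEFAULT_PORT[ancestor.protocol];
  const portOk = port === '*' || (ancestor.port || defaultPort) === (port || defaultPort);
  return hostOk && portOk;
}

// cspHeaders: all CSP header values on the framed response; ancestorUrls: parent up to top.
function checkFraming(cspHeaders, selfUrl, ancestorUrls) {
  const self = new URL(selfUrl);
  const policies = cspHeaders.flatMap(h => h.split(',')).map(frameAncestorsSources).filter(Boolean);
  for (const sources of policies) {      // each policy is enforced on its own
    for (const url of ancestorUrls) {    // every ancestor has to match
      const ancestor = new URL(url);
      if (!sources.some(s => sourceMatches(s, ancestor, self)))
        return { allowed: false, ancestor: ancestor.origin, policy: sources.join(' ') };
    }
  }
  return { allowed: true };
}

// Constructed sample: hypothetical hosts in place of the page's placeholders.
const LOGOUT = 'https://idsrv.example/Account/Logout';
const B2C = 'https://contoso.b2clogin.com/';
const HEADERS = ['frame-ancestors https://contoso.b2clogin.com',
                 "default-src 'self'; frame-ancestors 'none'"];
console.log(checkFraming(HEADERS, LOGOUT, [B2C]));
```

With the constructed headers the first policy allows the B2C origin, but the second header's `frame-ancestors 'none'` still blocks the frame, so adding an origin to one policy is not enough if the response carries another, stricter one.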

