Can't 'log out' of Microsoft OAuth flow with auth code acquisition

Jeroen H 40 Reputation points
2024-04-08T11:15:14.8666667+00:00

I have a program that uses Entra tokens, obtained with the JavaScript 'msal-node' library.
This is done by using the getAuthCodeUrl method, among other things. It produces a URL to the Microsoft login page, and after logging in with your Microsoft account, redirects you back to my program, containing a code I can use to get an Entra token.

My problem is that after the first login, any further visits to the Microsoft login page are immediately accepted, meaning the login page is skipped and you are immediately redirected back to my program with a code.
That means that I can't let another user log in, because the URL returns a code of the first user's account, and as the login page is skipped it is not possible to select another account.

How do I log out the first user from the Microsoft OAuth page without the login screen?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Navya 10,955 Reputation points Microsoft Vendor
    2024-04-10T08:27:29.13+00:00

    Hi @Jeroen H

    Thank you for posting this in Microsoft Q&A.

    I understand you are having trouble logging out of the Microsoft OAuth flow with auth code acquisition.

    The post_logout_redirect_uri parameter is the URL that the user is redirected to after successfully signing out. This URL must match one of the redirect URIs registered for your application in the app registration portal. After successful sign-out, the active sessions will be set to inactive. If a valid Primary Refresh Token (PRT) exists for the signed-out user and a new sign-in is executed, SSO will be interrupted, and the user will see a prompt with an account picker. If the option selected is the connected account that refers to the PRT, sign-in will proceed automatically without the need to insert fresh credentials.

    To sign out a user, we need to perform both of these operations:

    For your reference: https://learn.microsoft.com/en-us/entra/identity-platform/scenario-web-app-sign-user-sign-in?tabs=nodejs#sign-out

    You can also refer to this post where a similar issue has been discussed:

    https://learn.microsoft.com/en-us/answers/questions/1192925/end-session

    If you are encountering any issues, please let me know via the comments section.

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.
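
The sign-out described in the accepted answer, as an added example (not code from the original post, the answer, or msal-node): it clears the app's own session state and builds the Microsoft identity platform logout URL, accepting only a `post_logout_redirect_uri` that exactly matches a registered redirect URI. The `config` values, the function names `buildLogoutUrl` and `signOut`, and the plain-object session are assumptions made for illustration.

```javascript
// Added example. All configuration values below are constructed placeholders.
const AUTHORITY_HOST = 'https://login.microsoftonline.com';

const config = {
  tenant: 'common', // or a tenant ID / verified domain (assumption)
  // Must mirror the redirect URIs registered for the app registration.
  registeredRedirectUris: ['https://app.example.test/signed-out'],
};

// Build the end-session URL for the v2.0 endpoint.
function buildLogoutUrl(cfg, postLogoutRedirectUri) {
  // The tenant becomes a path segment, so refuse anything that could
  // alter the path or host of the generated URL.
  if (!/^[A-Za-z0-9.-]+$/.test(cfg.tenant)) {
    throw new Error('invalid tenant identifier');
  }
  // Exact string match only: prefix or substring checks would let a
  // caller-supplied value turn sign-out into an open redirect.
  if (!cfg.registeredRedirectUris.includes(postLogoutRedirectUri)) {
    throw new Error('post_logout_redirect_uri is not a registered redirect URI');
  }
  const url = new URL(`${AUTHORITY_HOST}/${cfg.tenant}/oauth2/v2.0/logout`);
  url.searchParams.set('post_logout_redirect_uri', postLogoutRedirectUri);
  return url.toString();
}

// Hypothetical helper: `session` is a plain object holding the signed-in
// account and any cached tokens for this browser session.
function signOut(session, cfg, postLogoutRedirectUri) {
  // Validate first, so a rejected redirect does not leave a half-cleared session.
  const target = buildLogoutUrl(cfg, postLogoutRedirectUri);
  // Operation 1: drop the app's local state for the first user.
  for (const key of Object.keys(session)) {
    delete session[key];
  }
  // Operation 2: the caller sends the browser here to end the Entra session,
  // e.g. res.redirect(target) in an Express-style route handler.
  return target;
}
```

Sending the browser to the returned URL is what ends the session at the Microsoft login page; clearing only the local session leaves the single sign-on cookie in place, which is the behaviour described in the question.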

