Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
25,075 questions
Azure AD B2C session behavior
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 95%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBT%3C/text%3E%3C/svg%3E)
Binh Tu
0
Reputation points
Hi there,
Currently I have issue with Logout when using Azure AD B2C for my React app. Issue described below:
I have create 2 different user flows on my Azure AD B2C tenant as below:
B2C_1_Tenant_SI: single sign-on configuration of this policy is set as Tenant
B2C_1_Application_SI: single sign-on configuration of this policy is set as Application
And I use the sample React app which provide by microsoft to do testing for 2 scenarios:
Scenario 1: configure React app to use B2C_1_Tenant_SI.
- lauch the react app, click on sign in using either popup or redirect, let's use popup.
- it popup the login page, then I key in my credentials and after authenticated it close popup and back to my react app and show the ID token info.
- click on sign out, and sign out successfully.
- click on sign in using popup again, it popup the login page to ask for my credentials. This is expectation because i clicked sign out, and it cleared Azure B2C user's session.
Scenario 2: configure React app to use B2C_1_Application_SI.
- lauch the react app, click on sign in using either popup or redirect, let's use popup.
- it popup the login page, then I key in my credentials and after authenticated it close popup and back to my react app and show the ID token info.
- click on sign out, and sign out successfully.
- click on sign in using popup again, it popup the window and close immediately to back to my react app and show the ID token info without asking me to key in my credential. <---- This is unexpectation, it should ask for my credentials because I have signed out successfully at step 3 but seems like the Azure B2C user's session was not cleared.
Can anyone help to explain the issue above?
Here is code of handling logout
Thanks a lot.
Microsoft Entra ID
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Navya 19,790 Reputation points Microsoft External Staff Moderator2024-08-02T17:41:19.3033333+00:00 Hi @Binh Tu
Thank you for posting this in Microsoft Q&A.
When the user initially signs in to an application, Azure AD B2C persists a cookie-based session. Upon subsequent authentication requests, Azure AD B2C reads and validates the cookie-based session and issues an access token without prompting the user to sign in again. If the cookie-based session expires or becomes invalid, the user is prompted to sign-in again.
When a user successfully authenticates with a local or social account, Azure AD B2C stores a cookie-based session on the user's browser. When a user signs in with a federated account, a session time window, also known as time-to-live (TTL), starts. If the user signs in to the same or a different app within this TTL, Azure AD B2C attempts to acquire a new access token from the federated identity provider. If the federated identity provider session is expired or invalid, the federated identity provider prompts the user for their credentials. If the user’s session is ongoing, or if the user is signed in using a local account instead of a federated one, Azure AD B2C authorizes the user and prevents any further prompts.
For more information : https://learn.microsoft.com/en-us/azure/active-directory-b2c/session-behavior?pivots=b2c-user-flow
Hope this helps. Do let us know if you any further queries.
Thanks,
Navya.
-
Sign in to comment
Sign in to answer