Share via

Issue with Parallel Login Flows in Azure AD B2C Across Multiple Tabs with different redirect URL's

Mahesh Bhosale (CSS) 26 Reputation points
2025-04-14T06:49:34.44+00:00

This is the sample URL we using to login with Azure ADb2c in our apps https://{domain}.b2clogin.com/{domain}.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_SiSu_MFA&client_id={clientId}&nonce=defaultNonce&redirect_uri={redirect_uri}&scope=openid&response_type=id_token&prompt=login

We are using Azure AD B2C for authentication in a multitenant web application. We've observed a problematic behavior when users initiate the login process in multiple browser tabs at the same time.

Steps to Reproduce:

  1. Open the B2C login URL in one tab and start the login process.
  2. Before completing the login in the first tab, open the same/different login URL in a second tab. meaning with same or different redirect URL.
    For ex we have 3 apps app1.contoso.com, app2.contoso.com, app3.contoso.com All these apps redirects to login on a URL https://{domain}.b2clogin.com/{domain}.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_SiSu_MFA&client_id={clientId}&nonce=defaultNonce&redirect_uri={redirect_uri}&scope=openid&response_type=id_token&prompt=login.
  3. Complete the login in the first tab.
  4. The second tab resets to the beginning of the login flow.

Problem:

This creates confusion for users and breaks the login flow in the second tab. It appears that Azure AD B2C does not handle parallel login attempts across tabs gracefully. We attempted various workarounds such as Custom policies with additional orchestration steps

None of rovided a reliable or supported solution.

Request: Can you please confirm:

  • Is this expected behavior in Azure AD B2C?
  • Is there any supported way to detect or prevent login flows from running in parallel tabs?
  • Is Microsoft planning to address this limitation in future updates or provide a hook to intercept token issuance?
Microsoft Entra
Microsoft Entra
A group of Microsoft multicloud identity and access solutions.
2,555 questions
0 comments
Accepted answer
  1. Goutam Pratti 4,015 Reputation points Microsoft External Staff
    2025-04-14T17:25:41.3566667+00:00

    Hello @Mahesh Bhosale (CSS) ,

    Yes, this is a known issue. When B2C sign-in/sign-up page is opened in multiple tabs within the same browser session, leads to unexpected behavior.

    As of now, B2C doesn't allow multiple sign-ins within the same browser session. You have to either use a different browser or an incognito/in-private browser for simultaneous sessions.

    It's recommended to avoid running the same Azure AD B2C flow in multiple tabs since the flow current orchestration step and progress state is shared between all tabs opened for the same, thus any progress or change made on one tab will update the state for the other ones.

    Additional you can check this: https://learn.microsoft.com/en-us/azure/active-directory-b2c/faq?tabs=app-reg-ga#i-use-multiple-tabs-in-a-web-browser-to-sign-in-to-multiple-applications-that-i-registered-in-the-same-azure-ad-b2c-tenant--when-i-try-to-perform-a-single-sign-out--not-all-of-the-applications-are-signed-out--why-does-this-happen--

    I would suggest submitting feedback regarding this at Azure Feedback Portal, which is closely monitored by Azure product teams for product improvements.

    Hope this helps. Let me know if you have any additional questions. Happy to assist you further.

    If you found the information helpful, please accept the answer so it can benefit other community members as well.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.