Azure b2c session doesn't expire

Roshan Srivastava 26 Reputation points


I am using Azure B2C with web app integration and it works fine, but there are a few issues that I noticed which I could not figure out how to resolve.

  1. After closing the browser, the session is not getting terminated
  2. The session also doesn't expire if I reopen the browser after 2-3 hours
  3. On clicking logout, the page is not redirected to my logout page even though I am passing a redirect URI


Azure Active Directory External Identities

2 answers

  1. James Hamil 12,976 Reputation points Microsoft Employee

    Hi @Roshan Srivastava, you most likely need to tweak some settings to get this to work. This thread goes into great detail on how you can accomplish this. Also, please take a look at this document. It details how you can customize the session behavior. If you've already viewed these documents or have any other questions, please let me know.

    If this answer helped you please mark it as "Verified" so other users may reference it.

    Thank you,

  2. Roshan Srivastava 26 Reputation points

    113497-sign-in2.png

    I get that the refresh token may be the reason for the silent authentication. But is there a way to turn off the refresh token flow, as the minimum value in the config I can set is 1 day?

    The B2C configuration is attached as an image. In startup I have the following code to enable OpenID Connect:

                // Namespaces used: Microsoft.Identity.Web, Microsoft.AspNetCore.Authentication.OpenIdConnect, Microsoft.AspNetCore.Http
                services.AddMicrosoftIdentityWebAppAuthentication(serviceProvider.GetRequiredService<IConfiguration>(), "AzureAdB2C");
                services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, configureOptions: option =>
                {
                    option.GetClaimsFromUserInfoEndpoint = true;
                    option.Events = new OpenIdConnectEvents();
                    option.Events.OnAuthorizationCodeReceived = context =>
                    {
                        // var idToken = context.;
                        return Task.CompletedTask;
                    };
                    // Record an identifier in the server-side session once the sign-in ticket arrives.
                    option.Events.OnTicketReceived = context =>
                    {
                        context.HttpContext.Session.SetString("sign-id", context.HttpContext.Session?.Id ?? Guid.NewGuid().ToString());
                        // var idToken = context.;
                        return Task.CompletedTask;
                    };
                    option.Events.OnTokenValidated = OpenIdConnectionExtension.OnTicketReceivedCallback;
                    option.Events.OnRemoteFailure = OpenIdConnectionExtension.OnRemoteFailure;
                    // No-op handler for sign-out requests initiated by the identity provider.
                    option.Events.OnRemoteSignOut = context =>
                    {
                        return Task.CompletedTask;
                    };
                });
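
An added example (not code from either poster and not taken from the linked documents) showing app-side settings that bound the local sign-in cookie and set a post-logout redirect, to sit alongside the configuration above. The helper name, the one-hour lifetime and the `/signed-out` path are assumptions; the B2C-side session is governed separately by the session behavior settings the first answer refers to.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public static class SessionHardeningExtensions // hypothetical helper, not part of any library
{
    // Register after the existing services.Configure<OpenIdConnectOptions>(...) call,
    // because that call replaces option.Events and would discard the handler added here.
    public static IServiceCollection AddBoundedSignInSession(this IServiceCollection services)
    {
        services.Configure<CookieAuthenticationOptions>(
            CookieAuthenticationDefaults.AuthenticationScheme, cookie =>
            {
                // Lifetime of the app's authentication ticket (assumed value).
                cookie.ExpireTimeSpan = TimeSpan.FromHours(1);
                // Do not renew the ticket on activity, so the lifetime is absolute.
                cookie.SlidingExpiration = false;
                cookie.Cookie.HttpOnly = true;
                cookie.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            });

        services.Configure<OpenIdConnectOptions>(
            OpenIdConnectDefaults.AuthenticationScheme, oidc =>
            {
                // Local page shown after the provider finishes sign-out (assumed path).
                oidc.SignedOutRedirectUri = "/signed-out";

                // Chain onto whatever OnTicketReceived handler is already registered.
                var previous = oidc.Events.OnTicketReceived;
                oidc.Events.OnTicketReceived = async context =>
                {
                    if (previous != null) await previous(context);
                    // Issue a browser-session cookie rather than a persistent one.
                    if (context.Properties != null)
                        context.Properties.IsPersistent = false;
                };
            });

        return services;
    }
}
```

These settings only limit the application's own cookie; while the B2C session is still valid, a new challenge can complete without prompting the user.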