Azure b2c session doesn't expire

Question

Azure b2c session doesn't expire

Roshan Srivastava 26

Hi,

I am using Azure b2c with web app integration and it works fine but there are few issue that I noticed which i could not figure out how to do.

After closing browser the session is not getting terminated
Session also doesn't expire if I reopen browser after 2-3 hour
On clicking logout the page is not redirect to my logout page even though I am passing redirect uri

Thanks!!!

James Hamil 12,976 Reputation points Microsoft Employee

2021-07-09T00:35:32.107+00:00

Hi @Roshan Srivastava , we are investigating your issue and will update you shortly.

Best,
James
Anshul Kumar (MINDTREE LIMITED) 6 Reputation points

2021-10-08T04:47:20.233+00:00

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

James Hamil 12,976 Reputation points Microsoft Employee

2021-07-09T00:35:32.107+00:00

Hi @Roshan Srivastava , we are investigating your issue and will update you shortly.

Best,
James
Anshul Kumar (MINDTREE LIMITED) 6 Reputation points

2021-10-08T04:47:20.233+00:00

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

Answer 1

Hi @Roshan Srivastava , you most likely need to tweak some settings to get this to work. This thread goes into great detail on how you can accomplish this. Also, please take a look at this document. It details how you can customize the session behavior. If you've already viewed this documents or have any other questions please let me know.

If this answer helped you please mark it as "Verified" so other users may reference it.

Thank you,
James

Answer 2

I get that the refresh token may be the reason for the silent authentication. But is there a way to turn off the refresh token flow as the minimum value in the config i can set is 1 days.

The configuration b2c is attached as image. In startup I have following code to enable openid connect

 services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme);  
            services.AddMicrosoftIdentityWebAppAuthentication(serviceProvider.GetRequiredService<IConfiguration>(), "AzureAdB2C");  
  
            services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, configureOptions: option =>  
            {  
                
                option.GetClaimsFromUserInfoEndpoint = true;  
                option.Events = new OpenIdConnectEvents();  
                
                option.Events.OnAuthorizationCodeReceived = context =>  
                {  
                    // var idToken = context.;  
                    return Task.CompletedTask;  
                };  
                option.Events.OnTicketReceived = context =>  
                {  
                    context.HttpContext.Session.SetString("sign-id", context.HttpContext.Session?.Id ?? Guid.NewGuid().ToString());  
                    // var idToken = context.;  
                    return Task.CompletedTask;  
                };  
                option.Events.OnTokenValidated = OpenIdConnectionExtension.OnTicketReceivedCallback;  
                option.Events.OnRemoteFailure = OpenIdConnectionExtension.OnRemoteFailure;  
                option.Events.OnRemoteSignOut = context =>  
                {  
                    context.Response.Redirect("/Identity/Account/Logout");  
  
                    return Task.CompletedTask;  
  
                };  
            });

Azure b2c session doesn't expire

2 answers

Activity