Azure Logout redirect URL as http instead of https

Question

Azure Logout redirect URL as http instead of https

Shruthi M 6

We have developed a desktop application using ElectronJS and React. In here we have used Azure AD B2C for authentication using the msal.js npm package. ElectronJS on successful build will run on the file protocol method. But Azure AD B2C does not support file protocol(file://somepath/some). So only other option is, while running in production we have created a server locally with some specific port and in that case Redirect URLs for Sign In , Sign up and forgot password workflows , we have used the localhost with port number which we would have created when the app runs. Example http://localhost:18090. Everything is working fine, except for Logout. But the problem is Logout URLs does not support 'http' URLs, as it throws me a error to enter only https URL.

Please suggest is there any other way we can proceed in case of Logout using http://localhost.

5 answers

Your answer

Answer 1

AmanpreetSingh-MSFT 56,866 Moderator

Hello @ShruthiM-6084

The new App registrations experience doesn't allow adding URIs with HTTP scheme on the UI. As a workaround, you may try setting the HTTP url for the logoutURL parameter in App Manifest as highlighted below:

On the UI that you have shared in your comment, you will still get The logout URL must start with HTTPS message but the URL will be saved. If you use below PowerShell Cmdlet to view properties of the application, you will see the HTTP URL set as the logout url.

Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.

AmanpreetSingh-MSFT 56,866 Reputation points Moderator

2020-07-31T12:37:48.753+00:00

@Shruthi M Have you had a chance to test it out?
Jason A 16 Reputation points

2021-08-04T16:42:25.21+00:00
II just tested this by setting the logoutUrl in the manifest as suggested:

"logoutUrl": "http://localhost:3000/logout",

I and when saving I get the error: Failed to update myapp application. Error detail: Your url scheme is not allowed.

I tried clicking save a few times and get that error. When navigating away and then back to the manifest, it shows the logoutUrl as null again. So no luck.

Answer 2

Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Moderator

http://localhost:* can be used as both login and logout redirect url. Please share your full logout URL.

Shruthi M 6 Reputation points

2020-07-28T07:08:19.633+00:00

If I try to enter the Logout URL, it throws me a error to enter only https URL. Its not allowed to enter http URL.
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator

2020-08-03T19:37:48.207+00:00

@Shruthi M , as stated by @AmanpreetSingh-MSFT you can bypass the portal limitation editing the app manifest. Optionally and for user flows (which do not leverage the LogoutUrl) you can specify the post_logout_redirect_uri parameter like this:

https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/logout?post_logout_redirect_uri=http://localhost
Fabrice Daugan 6 Reputation points

2022-02-20T09:14:00.82+00:00

You cannot edit (forge) the manifest to bypass this check. HTTPS sheme still required for the logout.

Answer 3

CADORET Guillaume Ext OBS/DD 1

same issue here

Answer 4

john dufff 1

Any update on this matter ?

Answer 5

I have the same issue. Editing the manifest does not work either since it checks that you have entered an HTTPS address.

On the Authentication page under Redirect URIs, it says:

The URIs we will accept as destinations when returning authentication responses (tokens) after successfully authenticating or signing out users.

Is this where the logout URI should be, alongside the login URI? I tried that but it does not seem to work. And if I try to enter my logout URI where it says Front-channel logout URL, I can't enter an HTTP address.

Share via

Azure Logout redirect URL as http instead of https

5 answers

Your answer