Multiple Microsoft account confuses MSAL in dev.azure.com
I have 4 Microsoft accounts. When I try to log in to dev.azure.com with account A using Microsoft Edge signed in as account B, it is trying to use account C to log in. I have restarted Edge, and it still tries to use Account C. Account C doesn't have an Azure Dev Ops organization, so it always asks me to create one.
My initial though
It seems this issue is bigger than just dev.azure.com not providing a logout button on this page. The real issue is Microsoft is caching accounts and allowing the cache between browser sessions. At a high level it seems like token hijacking because they have to be storing tokens outside the page and adding it to the session later. Ultimately, it's really concerning because it is not obvious when you are logging into a website. Oauth is supposed to help the users control access to their data, but how so if they don't even know when applications are using their data?
Hi @kevin petteys ,
It looks like the issue is related to Microsoft account, for better understanding the issue, I want to confirm the following things with you:
- Does browser
InPrivate/Incognitomode have the same problem?
- Do other MS resources have the same problem?
- Have you tried clearing your browser cache, does this work?
In addition, if only DevOps has this problem, I recommend that you open a new thread in the Developer Community.
- Does browser
Sign in to comment