Multiple Microsoft account confuses MSAL in dev.azure.com

Petteys, Kevin 91 Reputation points
2022-01-18T17:37:22.607+00:00

Issue
I have 4 Microsoft accounts. When I try to log in to dev.azure.com with account A using Microsoft Edge signed in as account B, it is trying to use account C to log in. I have restarted Edge, and it still tries to use Account C. Account C doesn't have an Azure Dev Ops organization, so it always asks me to create one.

My initial though
It seems this issue is bigger than just dev.azure.com not providing a logout button on this page. The real issue is Microsoft is caching accounts and allowing the cache between browser sessions. At a high level it seems like token hijacking because they have to be storing tokens outside the page and adding it to the session later. Ultimately, it's really concerning because it is not obvious when you are logging into a website. Oauth is supposed to help the users control access to their data, but how so if they don't even know when applications are using their data?

Microsoft Edge
Microsoft Edge
A Microsoft cross-platform web browser that provides privacy, learning, and accessibility tools.
2,106 questions
{count} votes