A web app that calls web APIs: Remove accounts from the token cache on global sign-out
You learned how to add sign-in to your web app in Web app that signs in users: Sign-in and sign-out.
Sign-out is different for a web app that calls web apis. When the user signs out from your application, or from any application, you must remove the tokens associated with that user from the token cache.
Intercept the callback after single sign-out
To clear the token-cache entry associated with the account that signed out, your application can intercept the after
logout event. Web apps store access tokens for each user in a token cache. By intercepting the after
logout callback, your web application can remove the user from the cache.
Microsoft.Identity.Web takes care of implementing sign-out for you. For details see Microsoft.Identity.Web source code