A web app that calls web APIs: Remove accounts from the token cache on global sign-out

You learned how to add sign-in to your web app in Web app that signs in users: Sign-in and sign-out.

Sign-out is different for a web app that calls web APIs. When the user signs out from your application, or from any application, you must remove the tokens associated with that user from the token cache.

Intercept the callback after single sign-out

Web apps store access tokens for each user in a token cache. To clear the token-cache entry associated with the account that signed out, your application can intercept the after-logout event. By intercepting the after-logout callback, your web application can remove the user from the cache.

Microsoft.Identity.Web takes care of implementing sign-out for you. For details, see the Microsoft.Identity.Web source code.
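The following sketch shows what the after-logout callback has to achieve: the signed-out account's tokens are removed from the cache while other users' entries stay intact. It is an added example, not code from Microsoft.Identity.Web; `PerUserTokenCache`, `account_key`, and `on_after_logout` are hypothetical names, the claims and tokens are constructed, and keying the cache on the `oid` and `tid` claims is an assumption.

```python
# Added example: constructed names and data, not Microsoft.Identity.Web code.

class PerUserTokenCache:
    """Server-side token cache with one partition per signed-in account."""

    def __init__(self):
        self._partitions = {}  # account key -> {scope: token entry}

    def save(self, account_key, scope, access_token, refresh_token):
        self._partitions.setdefault(account_key, {})[scope] = {
            "access_token": access_token,
            "refresh_token": refresh_token,
        }

    def acquire_silent(self, account_key, scope):
        """Return a cached access token, or None if the user must sign in again."""
        entry = self._partitions.get(account_key, {}).get(scope)
        return entry["access_token"] if entry else None

    def remove_account(self, account_key):
        """Drop every token held for one account. Safe to call twice."""
        return len(self._partitions.pop(account_key, {}))


def account_key(claims):
    # Assumption: partition by the ID token's object ID and tenant ID claims.
    return f"{claims['oid']}.{claims['tid']}"


def on_after_logout(cache, session):
    """Hypothetical after-logout callback: purge the user's tokens, then the session."""
    claims = session.get("claims")
    removed = cache.remove_account(account_key(claims)) if claims else 0
    session.clear()
    return removed


def demo():
    cache = PerUserTokenCache()
    alice = {"oid": "alice-oid", "tid": "tenant-1"}  # constructed claims
    bob = {"oid": "bob-oid", "tid": "tenant-1"}      # constructed claims
    cache.save(account_key(alice), "user.read", "at-alice", "rt-alice")
    cache.save(account_key(alice), "mail.read", "at-alice-mail", "rt-alice")
    cache.save(account_key(bob), "user.read", "at-bob", "rt-bob")
    session = {"claims": alice}
    removed = on_after_logout(cache, session)
    return {
        "removed": removed,
        "alice_token": cache.acquire_silent(account_key(alice), "user.read"),
        "bob_token": cache.acquire_silent(account_key(bob), "user.read"),
        "session": session,
        "second_logout": on_after_logout(cache, session),
    }
```

Removing the whole partition, rather than a single scope, matters because a refresh token left behind would let the app silently obtain new access tokens for a user who has signed out.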

Next steps

Move on to the next article in this scenario, Acquire a token for the web app.