A web app that calls web APIs: Remove accounts from the token cache on global sign-out

Applies to: Workforce tenants (learn more)

Sign-out is different for a web app that calls web APIs. When the user signs out from your application, or from any application, you must remove the tokens associated with that user from the token cache. Refer to Sign in users in a sample web app for details on how to implement sign-in in a web app.

Intercept the callback after single sign-out

To clear the token-cache entry associated with the account that signed out, your application can intercept the after logout event. Web apps store access tokens for each user in a token cache. By intercepting the after logout callback, your web application can remove the user from the cache.

ASP.NET Core

Microsoft.Identity.Web takes care of implementing sign-out for you. For details see Microsoft.Identity.Web source code

ASP.NET

The ASP.NET sample doesn't remove accounts from the cache on global sign-out.

Java

The Java sample doesn't remove accounts from the cache on global sign-out.

Node.js

The Node sample doesn't remove accounts from the cache on global sign-out.

Python

The Python sample doesn't remove accounts from the cache on global sign-out.

Next steps

ASP.NET Core

Move on to the next article in this scenario, Acquire a token for the web app.

ASP.NET

Move on to the next article in this scenario, Acquire a token for the web app.

Java

Move on to the next article in this scenario, Acquire a token for the web app.

Node.js

Move on to the next article in this scenario, Acquire a token for the web app.

Python

Move on to the next article in this scenario, Acquire a token for the web app.