Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Front-channel logout not triggering across multiple applications #7468

Closed
2 tasks
RamyAlshurafa opened this issue Dec 16, 2024 · 5 comments
Closed
2 tasks

Front-channel logout not triggering across multiple applications #7468

RamyAlshurafa opened this issue Dec 16, 2024 · 5 comments
Labels
b2c Related to Azure B2C library-specific issues bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-browser Related to msal-browser package msal-react Related to @azure/msal-react Needs: Attention 👋 Awaiting response from the MSAL.js team no-issue-activity Issue author has not responded in 5 days public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.

Comments

@RamyAlshurafa
Copy link

RamyAlshurafa commented Dec 16, 2024
edited
Loading

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.27.0

Wrapper Library

MSAL React (@azure/msal-react)

Wrapper Library Version

2.2.0

Public or Confidential Client?

Public

Description

I have configured multiple applications within Azure Active Directory B2C and am utilizing MSAL.js for authentication.
For App 1, I have set the Front-channel logout URL to https://app1.com/logout. However, when I initiate a logout from another application (App 2), the Front-channel logout URL for App 1 is not called, resulting in the accounts remaining active in App 1.

Error Message

No response

MSAL Logs

No response

Network Trace (Preferrably Fiddler)

  • Sent
  • Pending

MSAL Configuration

export const msalConfig = {
  auth: {
    clientId: REACT_APP_AZURE_CLIENT_ID,
    authority: `https://${REACT_APP_AZURE_BASE_URL}/${REACT_APP_AZURE_TENANT_DOMAIN}/b2c_1_signin_signup`,
    redirectUri: window.location.origin,
    knownAuthorities: [REACT_APP_AZURE_BASE_URL],
    navigateToLoginRequestUrl: true,
  },
  cache: {
    cacheLocation: 'localStorage', // You can use "sessionStorage" instead
    storeAuthStateInCookie: true, // Set this to "true" if you are having issues on IE11 or Edge
  },
  system: {
    loggerOptions: {
      loggerCallback: (level, message, containsPii) => {
        if (containsPii) {
          return;
        }
        switch (level) {
          case LogLevel.Error:
            console.error(message);
            return;
          case LogLevel.Info:
            console.info(message);
            return;
          case LogLevel.Verbose:
            console.debug(message);
            return;
          case LogLevel.Warning:
            console.warn(message);
            return;
          default:
            return;
        }
      },
    },
  },
};

Relevant Code Snippets

const logout = async () => {
    await Users.logout();

    await instance.logoutRedirect({
      postLogoutRedirectUri: window.location.origin,
    });
  };

Reproduction Steps

  1. Configure two applications (App 1 and App 2) in Azure AD.
  2. Set the Front-channel logout URL for App 1 to https://app1.com/logout.
  3. Log in to both applications using the same user account.
  4. Log out from App 2.
  5. Observe that App 1 remains logged in, and no request is made to the Front-channel logout URL of App 1.

Expected Behavior

Logging out from App 2 should trigger the Front-channel logout URL of App 1, resulting in the user being signed out from both applications.

Identity Provider

Azure B2C Custom Policy

Browsers Affected (Select all that apply)

Chrome

Regression

No response
@RamyAlshurafa RamyAlshurafa added bug-unconfirmed A reported bug that needs to be investigated and confirmed question Customer is asking for a clarification, use case or information. labels Dec 16, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Dec 16, 2024
@github-actions github-actions bot added b2c Related to Azure B2C library-specific issues msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package public-client Issues regarding PublicClientApplications msal-react Related to @azure/msal-react and removed msal-angular Related to @azure/msal-angular package labels Dec 16, 2024
@sameerag
Copy link
Member

@RamyAlshurafa If 3P cookies are disabled on your browser, this behavior will be broken. Can you confirm your browser settings?

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Author Feedback Awaiting response from issue author and removed Needs: Attention 👋 Awaiting response from the MSAL.js team labels Dec 16, 2024
@RamyAlshurafa
Copy link
Author

@sameerag here are my settings
image

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Attention 👋 Awaiting response from the MSAL.js team and removed Needs: Author Feedback Awaiting response from issue author labels Dec 17, 2024
@hectormmg
Copy link
Member

@RamyAlshurafa is the front-channel logout URL registered in App 1 or App 2? In order for front-channel logout to be invoked, the client application that is sending the logout request to the server must have the front-channel logout URL in its app registration.

If I'm not misunderstanding your description, it sounds like App 1 has a front-channel logout registered for its own domain and App 2 has no reference to it in its app registration.

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Author Feedback Awaiting response from issue author no-issue-activity Issue author has not responded in 5 days and removed Needs: Attention 👋 Awaiting response from the MSAL.js team labels Dec 17, 2024
@RamyAlshurafa
Copy link
Author

@hectormmg Actually i have 5 apps, but for testing the logout, I have added the front-channel logout URL for App1 only to be app1.com/logout, Other apps don't have front-channel logout URLs yet.

Isn't it correct that the front-channel logout URL for app 1 should be called when I log out from app 2 for example?

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Attention 👋 Awaiting response from the MSAL.js team and removed Needs: Author Feedback Awaiting response from issue author labels Dec 23, 2024
@RamyAlshurafa
Copy link
Author

Hi @hectormmg
Not sure why the bot has closed the issue

Can you check my comment please,
Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
b2c Related to Azure B2C library-specific issues bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-browser Related to msal-browser package msal-react Related to @azure/msal-react Needs: Attention 👋 Awaiting response from the MSAL.js team no-issue-activity Issue author has not responded in 5 days public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hectormmg @sameerag @RamyAlshurafa