7

Is it possible to log out without redirect?

Every time I sign up user I need to verify if the user that is in external DB (db with invitation tokens). I do it just after sign up is completed. When I discover that user shouldn't be a allowed to log in I need to call logout to clear cookies/storage in login popups (if I don't after opening singin popup again azure tries to log user in automatically and is not allowing to, for example, sign up again). The refresh of the page is unnecessary in my case, since it's a sign up process and I'm already at the login page to what it refreshes.

Akak
  • 95
  • 1
  • 2
  • 8

1 Answers1

12

When logging out we need to clear the cookies both for the application, and for https://msft.sts.microsoft.com. Clearing the cookies for https://msft.sts.microsoft.com can only be done by the STS itself (security isolation), and therefore it needs to redirect to the postlogoutRedirectUrl afterward.

It looks like logoutPopup() isn't currently supported in MSAL.js. Such a method would allow your users to stay within the popup window. https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/113

You can create a feature request for this here. https://feedback.azure.com/forums/169401-azure-active-directory?query=msal.js%20logout

Marilee Turscak - MSFT
  • 7,367
  • 3
  • 18
  • 28
  • 3
    Thank you Marilee for the clarification. After some more digging, I realized that popup has to store some data in a browser on its own domain and I can't override it manually. I'll drop a request soon. Thanks again. – Akak Jan 25 '19 at 20:11
  • It is supported in the mean time : https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/logout.md – dampee Jan 23 '23 at 13:25