Azure Active Directory Logout with ADAL library


Solution 1

I don't think this would work. You would need to redirect the user to the logout URL for logout to work.

Here's how you can create a logout URI:

https://login.microsoftonline.com/{0}/oauth2/logout?post_logout_redirect_uri={1}

Where:

  • {0} - Fully qualified name of your Azure Active Directory e.g. yourad.onmicrosoft.com or tenant id.
  • {1} - The URL of your application where a user must be redirected back after the logout is complete. This should be properly URL encoded.
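An added example (not from the answer, and not ADAL's own code) of how the MVC app in the question could build this URL and send the browser to it; the class and action names, the tenant and the redirect URL are placeholders you would replace with your own configuration:

```csharp
using System;
using System.Web.Mvc;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Builds the Azure AD logout URL from Solution 1. AadLogout, AccountController,
// Tenant and PostLogoutRedirect are names chosen for this example only.
public static class AadLogout
{
    // Only redirect back to an absolute https URL that this app owns, taken from
    // configuration; never build it from a request parameter (open redirect risk).
    public static string BuildLogoutUri(string tenant, Uri postLogoutRedirect)
    {
        if (string.IsNullOrWhiteSpace(tenant))
            throw new ArgumentException("tenant is required", nameof(tenant));
        if (postLogoutRedirect == null || !postLogoutRedirect.IsAbsoluteUri
            || postLogoutRedirect.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("post_logout_redirect_uri must be an absolute https URL");

        // EscapeDataString percent-encodes ':' '/' '?' and '&', so the redirect URL
        // survives as a single query parameter value.
        return string.Format(
            "https://login.microsoftonline.com/{0}/oauth2/logout?post_logout_redirect_uri={1}",
            Uri.EscapeDataString(tenant),
            Uri.EscapeDataString(postLogoutRedirect.AbsoluteUri));
    }
}

public class AccountController : Controller
{
    private const string Tenant = "yourad.onmicrosoft.com";          // placeholder tenant
    private static readonly Uri PostLogoutRedirect =
        new Uri("https://app.example.com/signed-out");                // placeholder redirect

    public ActionResult Logout()
    {
        // Same cache clear as in the question: forgets the tokens this app holds...
        var ac = new AuthenticationContext("https://login.microsoftonline.com/" + Tenant);
        ac.TokenCache.Clear();

        // ...but the Azure AD session cookie lives in the user's browser, so the
        // browser itself must be sent to the logout endpoint; a server-side GET
        // from HttpClient (as in the question) never touches that cookie.
        return Redirect(AadLogout.BuildLogoutUri(Tenant, PostLogoutRedirect));
    }
}
```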

Solution 2

If your goal is to sign in as a different user, you don't strictly need to log out the first user from its session with Azure AD. You can pass PromptBehavior.Always in your AcquireToken call, so that you will be guaranteed to prompt the user with a clean credential gathering UX. Note: if you want to wipe every trace of the first user from the app you can keep the cache cleanup code you have. ADAL allows you to keep tokens for multiple users though, hence if your app has multi-user functions this might be useful - the catch is that if you do so, at every AcquireToken you'll have to also specify which user you want a token for or ADAL won't know which one to return. If you don't need multiple users at once, the cache cleanup + PromptBehavior.Always remains the easiest path.

Solution 3

You can do this to clear the cache:

        // Android ADAL: drop the WebView cookies that hold the Azure AD session...
        CookieManager cookieManager = CookieManager.getInstance();
        cookieManager.removeAllCookie();
        CookieSyncManager.getInstance().sync();
        // ...and remove every cached token from the AuthenticationContext.
        mAuthContext.getCache().removeAll();
Author by de li

Updated on June 04, 2022

Comments

  • de li, almost 2 years ago

    I used my Azure Active Directory to protect my web API and I created a native application in the Azure management portal. This native application is basically an MVC web application and I use the ADAL library to get the token and call the API with that token. The code I used to get the token is shown below:

    AuthenticationContext ac = new AuthenticationContext(authority);
    AuthenticationResult ar = ac.AcquireToken(resourceID, clientID, redirectURI);
    string accessToken = ar.AccessToken;

    Now I need to log out and switch to another user, but somehow the user credentials are remembered by the system. I clear the token cache in the authentication context and post a logout API request as follows, where *** is my tenant ID.

    //Log out after api call
    ac.TokenCache.Clear();
    
    string requestUrl = "https://login.windows.net/***/oauth2/logout";
    
    var client = new HttpClient();
    var request = new HttpRequestMessage(HttpMethod.Get, requestUrl);
    var response = await client.SendAsync(request);

    The API call succeeds but the logout doesn't work. What should I do to log out and switch to another user?