1. 技术文章
  2. How to sign out from Azure AD 2.0/MSAL in a desktop application?

How to sign out from Azure AD 2.0/MSAL in a desktop application?

隐身守侯 提交于 2019-12-07 06:30:42

问题


I'm using MSAL in a WPF desktop application that needs to allow users to sign in and out against Azure AD v2.0. Microsoft's Graph access sample and most of the other examples I see use PublicClientApplication.Remove(IUser) to log out, like in this function:

//(from Microsoft's example)

/// <summary>
/// Sign out the current user
/// </summary>
private void SignOutButton_Click(object sender, RoutedEventArgs e)
{
    if (App.PublicClientApp.Users.Any())
    {
        try
        {
            App.PublicClientApp.Remove(App.PublicClientApp.Users.FirstOrDefault());
            this.ResultText.Text = "User has signed-out";
            this.CallGraphButton.Visibility = Visibility.Visible;
            this.SignOutButton.Visibility = Visibility.Collapsed;
        }
        catch (MsalException ex)
        {
            ResultText.Text = $"Error signing-out user: {ex.Message}";
        }
    }
}

From what I can see, it looks like Remove(IUser) deletes MSAL's cache of that user and their tokens, but it doesn't seem like it's actually signing the user out. If I try to log in to my app again, my previous user will show up as "signed in" and clicking will log me in as that user without having to provide credentials again. Logout does not work when using Microsoft Authentication Library (MSAL) makes me think I will need to log out manually, given the current state of MSAL.

I've found a lot of web-app tutorials like this Microsoft one that say a sign-out should involve deleting the app's local record (what it looks like Remove(IUser) is doing), and also redirecting to some variant of 

GET https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F

But my app isn't in a web browser, so I'm not sure what to do with that request. How do I really log out while using MSAL?


回答1:


You are right, the Remove(IUser) method only removes the user from the cache. We have not yet implemented a Signout method, which would, as your write, leverage the logout endpoint. This is something we want to provide in the future. Note that there are two forms of sign-out: sign-out from the app, and signout from the device.

To answer your last question, your WPF app is not a web browser indeed, but it contains an embedded web browser, which keeps a session cookie, that needs to be cleared by sending azure AD a logout request.



来源:https://stackoverflow.com/questions/47517434/how-to-sign-out-from-azure-ad-2-0-msal-in-a-desktop-application

标签
c#
azure-active-directory
msal
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!