angularazure-active-directoryazure-ad-msaladalazure-ad-b2c

Not clearing token when logging out using Angular, MSAL and Azure AD B2C


I have downloaded the Azure AD B2c Angular tutorial from https://github.com/Azure-Samples/ms-identity-javascript-angular-tutorial

I have set it up and it's all running ok:

However, after I logout, and it appears to have cleared the token - (and even if I clear all the storage using Devtools), if I go to to the guarded page again, it logs me in automatically without requiring email/password.

Am I missing something?


Solution

  • Ok, I finally found an answer to the problem:

    In the auth-config.ts find this code:

    export const loginRequest = {
        scopes: []
    }
    

    Change it to:

    export const loginRequest = {
        scopes: [],
        prompt: 'login'
    }
    

    This forces the user to enter their credentials on that request, negating single-sign on.

    More details can be found here