[SOLVED] Not clearing token when logging out using Angular, MSAL and Azure AD B2C

Not clearing token when logging out using Angular, MSAL and Azure AD B2C

I have downloaded the Azure AD B2c Angular tutorial from https://github.com/Azure-Samples/ms-identity-javascript-angular-tutorial

I have set it up and it's all running ok:

I can login
If I try to view an unguarded page without logging in it redirects me to login page.
I can logout

However, after I logout, and it appears to have cleared the token - (and even if I clear all the storage using Devtools), if I go to to the guarded page again, it logs me in automatically without requiring email/password.

Am I missing something?

Solution

Ok, I finally found an answer to the problem:

In the auth-config.ts find this code:

export const loginRequest = {
    scopes: []
}

Change it to:

export const loginRequest = {
    scopes: [],
    prompt: 'login'
}

This forces the user to enter their credentials on that request, negating single-sign on.

More details can be found here