An ASP.NET Core Web App which lets sign-in users (including in your org, many orgs, orgs + personal accounts, sovereign clouds) and call Web APIs (including Microsoft Graph)
MIT License
Revoke session/Reset password not Asking relogin even enabled CAE in WebAPP code #767
Microsoft.Identity.Web version
2.18
Web app sign-in
1-WebApp-OIDC/1-1-MyOrg
Web API (call Graph or downstream APIs)
2-WebApp-graph-user/2-1-Call-MSGraph
Deploy to Azure
5-WebApp-AuthZ/5-1-Roles
Auth Z
6-Deploy-to-Azure
Description
https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/2-WebApp-graph-user/2-1-Call-MSGraph#explore-the-sample
After I ran the application, I reset the password and revoked the session. I did not close the running application and clicked on profile; it should then ask for re-login, as expected. But the Graph API is always returning data, so the application is not asking for re-login. To my knowledge CAE is enabled by default, and in the token request we are sending "ClientCapabilities": [ "cp1" ].
If there is any CAE sample in Angular, WebApp or ReactJS, please let me know. In the Angular sample I am also facing the same problem, and I raised an issue today.
Please let me know whether CAE is generally available for critical incidents or not. It is a high priority to implement in my project, so I am doing a POC.
Reproduction steps
After I ran the application, I reset the password and revoked the session. I did not close the running application and clicked on profile; it should then ask for re-login, as expected. But the Graph API is always returning data, so the application is not asking for re-login.
Error message
No response
Id Web logs
No response
Relevant code snippets
Regression
No response
Expected behavior
After a password reset the application should ask for re-login, but it does not, because the Graph API always sends the data even with CAE enabled.
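For anyone reproducing this, the following added example (not code from the sample repository or from the issue author) shows the signal to look for in a network trace: a CAE-enabled resource rejects a revoked token with a 401 whose `WWW-Authenticate` header carries `error="insufficient_claims"` and a base64 `claims` value. The class name, method name and sample header are constructed for illustration, and the header layout is assumed to follow the documented CAE claims challenge.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.RegularExpressions;

public static class CaeChallenge // hypothetical helper, not part of Microsoft.Identity.Web
{
    // Matches key="value" parameters inside a WWW-Authenticate: Bearer header.
    private static readonly Regex Param = new Regex("(\\w+)=\"([^\"]*)\"", RegexOptions.Compiled);

    // Returns the decoded claims JSON when the response is a CAE claims challenge, otherwise null.
    public static string TryGetClaims(int statusCode, string wwwAuthenticate)
    {
        if (statusCode != 401 || string.IsNullOrEmpty(wwwAuthenticate)) return null;
        if (!wwwAuthenticate.TrimStart().StartsWith("Bearer", StringComparison.OrdinalIgnoreCase)) return null;

        var values = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        foreach (Match m in Param.Matches(wwwAuthenticate))
            values[m.Groups[1].Value] = m.Groups[2].Value;

        // A plain expired or malformed token yields a different error value; only
        // insufficient_claims means the resource wants a fresh token with these claims.
        if (!values.TryGetValue("error", out var error) || error != "insufficient_claims") return null;
        if (!values.TryGetValue("claims", out var claims) || claims.Length == 0) return null;

        try { return Encoding.UTF8.GetString(Convert.FromBase64String(claims)); }
        catch (FormatException) { return null; } // not valid base64: treat as no challenge
    }

    public static void Main()
    {
        // Constructed sample header; the claims payload is illustrative only.
        string claimsJson = "{\"access_token\":{\"nbf\":{\"essential\":true,\"value\":\"1604106651\"}}}";
        string header = "Bearer realm=\"\", error=\"insufficient_claims\", claims=\""
            + Convert.ToBase64String(Encoding.UTF8.GetBytes(claimsJson)) + "\"";

        Console.WriteLine(TryGetClaims(401, header) ?? "no challenge"); // decoded claims JSON
        Console.WriteLine(TryGetClaims(200, null) ?? "no challenge");   // Graph answered normally
    }
}
```

If the Graph call keeps returning 200 after the revocation, no challenge was issued, and the application has nothing that would trigger a new sign-in.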