Azure-Samples / ms-identity-mobile-apple-swift-objc

An iOS sample in Swift that authenticates Microsoft Account and Azure AD users and calls the Graph API using OAuth 2.0
https://aka.ms/aaddev

Using MSAL to clear tokens on Microsoft #41

Closed sgby1234 closed 4 years ago

sgby1234 commented 5 years ago

Hi, is there a way to invalidate tokens? I am currently using the library and signing out users by calling applicationContext.remove(account). This clears the token from the app, but the token is still valid with Microsoft. I would like to completely sign out the user, such that if I were to send a request to Microsoft using the token I would be told that the token is no longer valid. Currently I am making a request to https://graph.microsoft.com/v1.0/me and am passing in my access token to test if I am still signed in with Microsoft.

I've been researching and some people have been saying to call the Microsoft API, https://login.windows.net/<tenent-id>/oauth2/logout - but this API brings up a webpage. Is there a way to do this silently and pass in the tokens as a request body?

Thank you!

oldalton commented 4 years ago

There's no way to do it silently without bringing up the webpage, as MSAL doesn't have control over ASWebAuthenticationSession. This is an explicit design decision by Apple to ensure security of cookies.