msal-angular@2 logout request is cancelled

[pcampospulsarsd]

Library

• [X] @azure/msal-angular@2.0.0-alpha.3
• [X] @azure/msal-browser@2.9.0

Framework

• [X] Angular 10

Description

We are following the example in angular11-b2c-sample and having issues when we logout the user calling msalService.logout(), as we have observed the following is happening:

• There would be a cancelled call to https://<directory>.b2clogin.com/<directory>.onmicrosoft.com/b2c_1_sign_up_sign_in/oauth2/v2.0/logout?post_logout_redirect_uri=http%3A%2F%2Flocalhost%3A4202%2F&client-request-id=<id> - we currently do not understand why this gets cancelled, is this expected?
• The cookies get cleared and likely the local storage as well
• There would be a call to https://<directory>.b2clogin.com/<directory>.onmicrosoft.com/b2c_1_sign_up_sign_in/oauth2/v2.0/authorize - we currently do not understand why authorize is being called at this stage but this seems to be the one triggering the redirection back to the application
• We then go back to the application
• There would be a call to https://<directory>.b2clogin.com/<directory>.onmicrosoft.com/b2c_1_sign_up_sign_in/oauth2/v2.0/token - we currently do not understand what triggers this one and why it is successful since we have just logged out.
  • We are guessing for now that it is successful because the session in the server might still be alive

As we observe it to be different based on angular11-b2c-sample which we have updated to the library versions above, we are curious if there is any azure configuration that we might have missed? so far we have configured it as follows:

• AD B2C - app registration authentication
  • add SPA application redirect uri
  • set Allow public client flows to yes

Notes:

• B2C is used
• Redirection (instead of popup) is used

Source

• [X] Customer request

Thank you.

[jo-arroyo]

@pcampospulsarsd Can you clarify what you mean by calls cancelled? This is not expected behavior. Could you also provide your configurations and usage?

[pcampospulsarsd]

@jo-arroyo , thank you for the confirming that that is not the expected behaviour. With that information, we instead did the msal-angular integration part from the start and making sure it is aligned with the example of angular11-b2c-sample. At the same time revisited the azure configuration which is aligned with what is specified in the pre-requisites. With those parts reviewed, it is now working seamlessly.

This question can be marked as resolved for now, below would be the information on what we think caused the issue.

Can you clarify what you mean by calls cancelled?

• The call to logout was aborted, the har file "response" for the postLogout is as follows :

  "response": {
  "status": 0,
  "statusText": "",
  "httpVersion": "",
  "headers": [],
  "cookies": [],
  "content": {
  "size": 0,
  "mimeType": "x-unknown"
  },
  "redirectURL": "",
  "headersSize": -1,
  "bodySize": -1,
  "_transferSize": 0,
  "_error": "net::ERR_ABORTED"
  }

• Which we believe was due to the immediately succeeding call to authorize endpoint.

As for the cause, after investigating, it is likely caused by the code base having lots of listeners which have unchecked code inside which likely triggered the authorize endpoint to call an api.