search

AzureAD / microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
http://aka.ms/aadv2
MIT License
3.64k stars 2.64k forks source link

Logout Redirection issue #3590

Closed eluchsinger closed 3 years ago

eluchsinger commented 3 years ago

Core Library

MSAL.js v2 (@azure/msal-browser)

Core Library Version

2.14.1

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

2.0.0-beta.5

Description

There is a mismatch about what the documentation says about the post logout redirection and what actually happens. I will try to elaborate. The documentation can be found here.

postLogoutRedirectUri is required in order for MSAL to be able to close the popup when signout is complete

If I don't set the postLogoutRedirectUri, the popup still closes.

postLogoutRedirectUri will be opened in the popup window, not the main frame. If you need your top level app to be redirected after logout you can use the mainWindowRedirectUri parameter on the logout request.

If I set the postLogoutRedirectUri, I am not sure if the URI is opened in the popup window, but what I am experiencing is that it is opening in the main frame for sure. I can not find a difference between the postLogoutRedirectUri and the mainWindowRedirectUri inside of the logout request.

Error Message

No response

Msal Logs

No response

MSAL Configuration

{
  auth: {
    clientId: environment.AzureClientId,
    authority: b2cPolicies.authorities.signUpSignIn.authority,
    redirectUri: environment.FrontendBaseUrl,
    postLogoutRedirectUri: environment.FrontendBaseUrl,
    knownAuthorities: [environment.AzureB2CKnownAuthority],
  },
  cache: {
    cacheLocation: BrowserCacheLocation.LocalStorage,
    storeAuthStateInCookie: isIE, // set to true for IE 11
  },
}

Relevant Code Snippets

if (this.msalGuardConfig.interactionType === InteractionType.Popup) {
  return this.msal.logoutPopup({
    mainWindowRedirectUri: "/logout"
  });
} else {
  return this.msal.logoutRedirect();
}
if (this.msalGuardConfig.interactionType === InteractionType.Popup) {
  return this.msal.logoutPopup({
    postLogoutRedirectUri: "/logout"
  });
} else {
  return this.msal.logoutRedirect();
}

Both main frmes land in the /logout page.

Reproduction Steps

  1. Logout

Expected Behavior

I am not sure what the correct behavior should be, but either the docs or the behavior should be updated to match each other.

Identity Provider

Azure B2C Basic Policy

Browsers Affected (Select all that apply)

Edge

Regression

No response

Source

External (Customer)

hectormmg commented 3 years ago

Hi @eluchsinger

The reason the popup is closing even if you don't set the postLogoutRedirectUri in the token request configuration may be that you have it configured in the MSAL Client configuration (so MSAL is still adding it to the request). What the doc means is that the server requires a postLogoutReidrectUri because otherwise it won't know where to redirect the browser to. For that reason, if you don't specify a postLogoutRedirectUri in either the request or the top-level configuraiton, MSAL sets it to the current page by default.

We'll try to reproduce your issue ourselves to see if there's something else going one since the main window shouldn't be doing the redirect if mainWindowRedirectUri isn't set.

While we do that, could you please provide verbose MSAL logs so we can better diagnose the issue? Thanks!

eluchsinger commented 3 years ago

Hi @hectormmg I guess you mean the environment.FrontendBaseUrl variable in the MSAL Configuration. The value there is https://localhost:3000. That should not be causing the the /logout redirection.

tnorling commented 3 years ago

@eluchsinger This was in reference to your first question about why the popup still closes despite not including postLogoutRedirectUri on the request object.

postLogoutRedirectUri -> navigated to in the popup window mainWindowRedirectUri -> navigated to in the main window

Can you please provide logs and/or a link to a minimal reproduction? The main window should not be redirecting at all if mainWindowRedirectUri is not set on the request.

ghost commented 3 years ago

eluchsinger This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has not been resolved please leave a comment to keep this open. It will be closed in 7 days if it remains stale.

eluchsinger commented 3 years ago

Keep open

ghost commented 3 years ago

@eluchsinger This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.

eluchsinger commented 3 years ago
Keep open

tnorling commented 3 years ago

@eluchsinger We're still waiting for more information we requested from you. Please provide logs and/or a minimal reproduction so that we can assist you in debugging this. Thanks!

ghost commented 3 years ago

@eluchsinger This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.