用户更改后，Azure AD B2C在注销后重用以前的用户令牌 [英] Azure AD B2C reuses previous user's token after logout when user changes

问题描述

我们有一个应用程序，该应用程序使用MSAL.js通过Active Directory B2C对客户的Azure Active Directory进行身份验证.将来，我们将在组合中引入其他IDP，并将它们也连接到B2C.B2C通过自定义策略进行配置.SSO会话范围当前设置为租户".问题是，当用户注销应用程序时(我们称其为MSAL.js注销)，我可以看到其ID和访问令牌已从浏览器本地存储中消失，但由于其他原因，它们仍登录到其Azure AD中使用它的应用程序.因此，下次他们登录到应用程序时，只要他们具有AAD会话处于活动状态，B2C便不会提示他们输入凭据并自动登录.我了解这是设计使B2C支持SSO，我们希望SSO.但是，是否有一种方法可以让具有不同凭据的新用户在前一个用户在同一浏览器会话中注销后重新登录?

We have an application that uses MSAL.js to authenticate customers to their Azure Active Directories via Active Directory B2C. In the future we will introduce other IDPs in the mix and connect them to the B2C as well. B2C is configured via custom policies. SSO session scope is currently set to Tenant. The issue is that when user logs out of the application (and we call MSAL.js logout) I can see their ID and Access tokens are gone from the browser Local Storage, but they are are still logged in to their Azure AD because of other apps using it. So next time they login to the app B2C will not prompt them for credentials and automatically sign them in as long as they have AAD session active. I understand this is by design for B2C to support SSO, and we want SSO. However is there a way for a new user with different credentials to login fresh after the previous user logs out in the same browser session?

推荐答案

设置要登录的提示参数.EG:

Set the prompt param to login. EG:

获取https://{tenant} .b2clogin.com/{tenant} .onmicrosoft.com/{policy}/oauth2/v2.0/authorize?提示=登录

或使用MSAL.js:

Or using MSAL.js:

var request = {
    prompt: 'login',
}

userAgentApplication.loginRedirect(request);

这篇关于用户更改后，Azure AD B2C在注销后重用以前的用户令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！