Azure AD B2C - Sign out a user from all sessions


Question

I have 3 websites using a single B2C tenant. I have been asked to set it up so that when a user signs out of one website, they are signed out of them all.

Likewise if their account is deleted.

I thought that I would have to introduce a call to Azure on every request to determine if the user is still logged in, but as far as I can see, there isn't a Graph API endpoint that would allow me to determine the user status.

Am I thinking about this the wrong way? Is there a way to do this easily using B2C, Graph API, the Active Directory client etc.?

Maybe there is an option when setting up the OpenIdConnectAuthenticationOptions for example.

Recommended answer

I might be late, but in case it helps, according to the docs:

When you redirect the user to the Azure AD B2C sign-out endpoint (for both OAuth2 and SAML protocols), Azure AD B2C clears the user's session from the browser. However, the user might still be signed in to other applications that use Azure AD B2C for authentication. To enable those applications to sign the user out simultaneously, Azure AD B2C sends an HTTP GET request to the registered LogoutUrl of all the applications that the user is currently signed in to.

Applications must respond to this request by clearing any session that identifies the user and returning a 200 response. If you want to support single sign-out in your application, you must implement a LogoutUrl in your application's code.

This is called single sign-out. Please refer to https://docs.microsoft.com/en-us/azure/active-directory-b2c/session-overview#single-sign-out
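
Both sides of the single sign-out flow described in the answer, as an added example that is not part of the original answer or of Microsoft's documentation. It assumes an ASP.NET MVC 5 site using the OWIN cookie and OpenID Connect middleware (the stack `OpenIdConnectAuthenticationOptions` belongs to) with the default authentication types; the controller and action names, and the `/Account/SingleSignOut` path registered as the app's LogoutUrl, are hypothetical.

```csharp
using System.Net;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;

public class AccountController : Controller
{
    // Side 1: the site where the user clicks "Sign out".
    // Signing out of both authentication types removes the local cookie and
    // lets the OpenID Connect middleware redirect the browser to the
    // Azure AD B2C sign-out endpoint, which clears the B2C session.
    [HttpGet]
    public void SignOut()
    {
        HttpContext.GetOwinContext().Authentication.SignOut(
            OpenIdConnectAuthenticationDefaults.AuthenticationType,
            CookieAuthenticationDefaults.AuthenticationType);
    }

    // Side 2: every site, including the other two.
    // This action is the LogoutUrl that Azure AD B2C calls with an HTTP GET
    // (assumed registration: https://<your-site>/Account/SingleSignOut).
    // It must be reachable without authentication, must clear anything that
    // identifies the user, and must answer 200 rather than redirect.
    [HttpGet]
    [AllowAnonymous]
    public ActionResult SingleSignOut()
    {
        // Remove only the local cookie. Do not sign out of the OpenID Connect
        // type here: that would trigger another redirect to B2C instead of
        // the plain 200 response this endpoint has to return.
        HttpContext.GetOwinContext().Authentication.SignOut(
            CookieAuthenticationDefaults.AuthenticationType);

        // Drop server-side session state tied to the user, if the site uses it.
        if (Session != null)
        {
            Session.Abandon();
        }

        // Keep browsers and proxies from caching the sign-out response.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();

        return new HttpStatusCodeResult(HttpStatusCode.OK);
    }
}
```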
