如何在桌面应用程序中从Azure AD 2.0/MSAL注销? [英] How to sign out from Azure AD 2.0/MSAL in a desktop application?

问题描述

我在WPF桌面应用程序中使用MSAL，该应用程序需要允许用户使用Azure AD v2.0登录和注销. Microsoft的Graph访问示例和其他大多数示例请参阅使用PublicClientApplication.Remove(IUser)注销，例如

I'm using MSAL in a WPF desktop application that needs to allow users to sign in and out against Azure AD v2.0. Microsoft's Graph access sample and most of the other examples I see use PublicClientApplication.Remove(IUser) to log out, like in this function:

//(from Microsoft's example)

/// <summary>
/// Sign out the current user
/// </summary>
private void SignOutButton_Click(object sender, RoutedEventArgs e)
{
    if (App.PublicClientApp.Users.Any())
    {
        try
        {
            App.PublicClientApp.Remove(App.PublicClientApp.Users.FirstOrDefault());
            this.ResultText.Text = "User has signed-out";
            this.CallGraphButton.Visibility = Visibility.Visible;
            this.SignOutButton.Visibility = Visibility.Collapsed;
        }
        catch (MsalException ex)
        {
            ResultText.Text = $"Error signing-out user: {ex.Message}";
        }
    }
}

据我所见，Remove(IUser)似乎删除了该用户及其令牌的MSAL缓存，但似乎并没有真正注销该用户.如果我尝试再次登录到我的应用程序，则以前的用户将显示为已登录"，而单击将以该用户身份登录，而无需再次提供凭据. 使用Microsoft身份验证库(MSAL)时注销不起作用使我认为，鉴于MSAL的当前状态，我需要手动注销.

From what I can see, it looks like Remove(IUser) deletes MSAL's cache of that user and their tokens, but it doesn't seem like it's actually signing the user out. If I try to log in to my app again, my previous user will show up as "signed in" and clicking will log me in as that user without having to provide credentials again. Logout does not work when using Microsoft Authentication Library (MSAL) makes me think I will need to log out manually, given the current state of MSAL.

我发现了很多网络应用程序教程，例如

I've found a lot of web-app tutorials like this Microsoft one that say a sign-out should involve deleting the app's local record (what it looks like Remove(IUser) is doing), and also redirecting to some variant of

GET https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F

但是我的应用程序不在网络浏览器中，因此我不确定该如何处理.使用MSAL时我该如何真正注销?

But my app isn't in a web browser, so I'm not sure what to do with that request. How do I really log out while using MSAL?

推荐答案

是的，Remove(IUser)方法仅从缓存中删除用户. 我们尚未实现一种Signout方法，该方法在您编写时将利用注销端点.这是我们将来要提供的东西.请注意，退出有两种形式:从应用程序退出和从设备退出.

You are right, the Remove(IUser) method only removes the user from the cache. We have not yet implemented a Signout method, which would, as your write, leverage the logout endpoint. This is something we want to provide in the future. Note that there are two forms of sign-out: sign-out from the app, and signout from the device.

要回答您的最后一个问题，您的WPF应用程序确实不是Web浏览器，但包含一个嵌入式Web浏览器，该浏览器保留了会话cookie，需要通过向Azure AD发送注销请求来清除它.

To answer your last question, your WPF app is not a web browser indeed, but it contains an embedded web browser, which keeps a session cookie, that needs to be cleared by sending azure AD a logout request.

这篇关于如何在桌面应用程序中从Azure AD 2.0/MSAL注销?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！