Error in Logout through MSAL.JS in Javascript / Angular 6 SPA application using B2C

Question

I have one Javascript SPA application using MSAL.JS for authentication against Azure AD B2C and another Angular 6 SPA application using MSAL for Angular against Azure AD B2C.

In both the applications the logout is throwing below error.

Correlation ID: 6de6e068-7b07-4d24-bac4-c1af3131815b Timestamp: 2018-09-25 16:16:20Z AADB2C90272: The id_token_hint parameter has not been specified in the request. Please provide token and try again.

For Logout, MSAL has very simple logout api which does not take any parameter, so how can I provide id_token_hint? Am I missing something? Is there any config parameter I need to provide while injecting MsalModule in Angular Application. Or anything similar in Javascript app for Msal.UserAgentApplication.

Answer 1

I m basically using the currently latest "msal": "^0.2.3" , this is my authentication service, there is no configuration needed in the app.module, and the logout works perfectly:

import { Injectable } from '@angular/core';
import { environment } from '../../environments/environment';
import * as Msal from 'msal';
import { User } from "msal/lib-commonjs/User";
import { ApiService } from './api.service';
import { BackendRoutes } from './backend.routes';

@Injectable()
export class AuthenticationService {
    private _clientApplication: Msal.UserAgentApplication;
    private _authority: string;

constructor(private apiService: ApiService, private backendRoutes: BackendRoutes) {
    this._authority = `https://login.microsoftonline.com/tfp/${environment.tenant}/${environment.signUpSignInPolicy}`;

    this._clientApplication =
        new Msal.UserAgentApplication(
            environment.clientID,
            this._authority,
            this.msalHandler,
            {
                cacheLocation: 'localStorage',
                redirectUri: window.location.origin
            });
}

msalHandler(errorDesc: any, token: any, error: any, tokenType: any) {
    let userAgent: Msal.UserAgentApplication = <any>(this);
    if (errorDesc.indexOf("AADB2C90118") > -1) {
        //Forgotten password
        userAgent.authority = `https://login.microsoftonline.com/tfp/${environment.tenant}/${environment.passResetPolicy}`;
        userAgent.loginRedirect(environment.b2cScopes);

    } else if (errorDesc.indexOf("AADB2C90077") > -1) {
        //Expired Token, function call from interceptor with proper context
        this.logout();
    }
}

addUser(): void {
    if (this.isOnline()) {
        this.apiService.post(this.backendRoutes.addUser).subscribe();
    }
}

login(): void {
    this._clientApplication.loginRedirect(environment.b2cScopes);
}

logout(): void {
    this._clientApplication.logout();
}

getAuthenticationToken(): Promise<string> {
    return this._clientApplication.acquireTokenSilent(environment.b2cScopes)
        .then(token => token)
        .catch(error => {
            return Promise.reject(error);
        });
}

And the interceptor linked to it:

export class AuthenticationHttpInterceptor implements HttpInterceptor {

    constructor(private authenticationService: AuthenticationService) {
    }

    intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
        return from(this.authenticationService.getAuthenticationToken()
            .then(token => {
                return req.clone({
                    setHeaders: {
                        Authorization: `Bearer ${token}`
                    }
                });
            })
            .catch(err => {
                this.authenticationService.msalHandler(err,null,null,null);
                return req;
            }))
            .switchMap(req => {
                return next.handle(req);
            });
    }
}