stackoom
  简体   繁体   中英

Msal v2 library, handle logout for SSO (Node.js and Vue.js)

 原文  2021-10-05 08:37:17       javascript/ node.js/ vue.js/ microsoft-graph-api/ msal

Question

The problem:

Using msal v2, when user log in to the app via Microsoft account, it saves params to the sessionStorage and it all works great, problem happens when user logs out in the Office.com or any other site using Microsoft SSO. Since the data is still saved in sessionStorage (tried same with localStorage ) the AcquireSilentToken(...) resolves with the cached data, even though the user has been logged out.

Tried How to know if a given user is already logged in with MSAL?

It suggest using AcquireSilentToken(...) but it resolves promise without error since it checks sessionStorage .

My case:

In the middleware I would like to do:

const promise = msalInstance.acquireTokenSilent(graphScopes);
  promise.then(resp=>{
    //User is logged continue next();
      }).catch(error=>{
    //User is not logged in clear sessionStorage/localStorage and next('/login')
  });

So if anyone can help me with the way of asking the thru msal if user has logged out. I would really appreciate it.

1 answers

solution1
 1 ACCPTED  2021-10-11 18:52:33

This behavior is by design. AAD services uses cookies to remember who you are and to automatically sign you in.

The sign-out process for services forces the session cookies to expire. These session cookies are used to maintain your sign-in state when you use these services. However, because the web browser is still running and may not be updated to handle cookies correctly, you may have a cookie that is not updated to expire and finish the sign-out process. By default, these cookies are valid for eight hours or are set to expire when you close all web browsers.

const promise = msalInstance.acquireTokenSilent(graphScopes);
  promise.then(resp=>{
    const logoutRequest = {
           account: instance.getAccountByHomeId(homeAccountId),
    postLogoutRedirectUri: "your_app_logout_redirect_uri"
}
instance.logoutRedirect(logoutRequest);
  }).catch(error=>{
//User is not logged in clear sessionStorage/localStorage and next('/login')

});

Also this is a known issue .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to integrate Dialogflow v2 with javascript frontend (Vue.js) Dynamically rendering child components in Vue.js v2 How to deploy a Vue.js application on Node.js server Testing sessions in Vue.js and Node.js development environment Node.JS and Vue.JS Post action Calling a Node.js server with Vue.js Redirect page on vue.js from node.js Deploy Node.js with Vue.js app to Hostinger vue.js variables is not Working With Node.js : Node.js + Vue.js: why is console.log() in vue.js files not showing in console?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM