Logout removes all cache entries for all apps in the same origin, irrespective of ClientID.

[richard-thai]

trafficstars

Core Library

MSAL.js v2 (@azure/msal-browser)

Wrapper Library

MSAL React (@azure/msal-react)

Public or Confidential Client?

Public

Description

We have a number of applications hosted in the same origin, each with it own app registration. The issue we are finding is, whenever the user logs out of one application, all the other applications are also effected.

At present, the logout process remove all cache entries matching the accountId. It does not take into consideration the ClientID.

It would be nice to be able to scope the logout to a particular Client ID.

Source

External (Customer)

[sameerag]

@richard-thai Have you tried calling logout with the specific account? We clear the cache of a single account if we are provided the account, else delete all cache.

Please let me know if this helps with your scenario.

[richard-thai]

@richard-thai Have you tried calling logout with the specific account? We clear the cache of a single account if we are provided the account, else delete all cache.

Please let me know if this helps with your scenario.

Thank you sameerag, in this instant, the same account is used to SSO into multi applications of the same origin.

[sameerag]

cc @richard-thai Okay, so you are looking at app specific logout instead of account specific logout. I need to check if this is a quick fix or not from our end. Please watch this space and I will get back.

[richard-thai]

Much appreciates @sameerag. It would be fantastic if the logout can be application specific since the cached values include a ClientID. Thank you.

[sameerag]

@richard-thai I have checked with my team and to support this, we want to ensure the functionality fits for all our flows. I have raised an internal tracker for this feature.

I will update here if we decide to pick it up once I have all the data.

cc @EmLauber