ADAL: W8.1 app trying to log user out

Question

I\'ve got a proof of concept W8.1-app that allows to authenticate a user with an Azure Active Directory using the ADAL library.

I\'ve got the part of allowing the user t

Answer 1

The actual user session is determined by two different components: the token cache (under ADAL's control) and any session tracking cookies that might be present in the system (not under ADAL's control).

As you point out, you can easily take care of the token cache part. However the logic you mentioned for clearing up cookies will NOT work on Windows Store applications. It works on WPF because for desktop apps, the cookie jar used during authentication is the one of the application itself. On Windows Store, authentication takes pace with the WebAuthenticationBroker, which has its own cookie jar that is separate and unreachable from your application code.

The most robust approach there is not to create any persistent cookie (e.g. NOT clicking "remember me" during authentication). However, if you end up with such a cookie, the main way of getting rid of it is triggering a sign out from the same WebAuthenticationBroker - the server will take care of cleaning things up. In terms of code:

string requestUrl = "https://login.windows.net/common/oauth2/logout";
Task.Run(async () =>
{
    try
    {
        await WebAuthenticationBroker.AuthenticateAsync(WebAuthenticationOptions.SilentMode, new Uri(requestUrl));
    }
    catch (Exception)
    {
        // timeout. That's expected
    }
});