microsoft-authentication-library-for-js: postLogoutRedirectUri not working when authority url contains a tenant ID

Core Library

MSAL.js v2 (@azure/msal-browser)

Core Library Version

2.30.0

Wrapper Library

MSAL React (@azure/msal-react)

Wrapper Library Version

1.4.9

Public or Confidential Client?

Public

Description

When I modify the authority value to include the tenant ID (e.g., ‘https://login.microsoftonline.com/{your-tenant-id}’) and then log out, the browser fails to redirect me back to my application. However, if I use “common” in the URL, the redirect works as expected.

I have also confirmed that the logout URL is properly set in the Azure portal, but the issue persists.

Notably, the issue only occurs when using a tenant-specific authority URL, as it works fine with the default ‘https://login.microsoftonline.com/common’ URL.

Error Message

No response

Msal Logs

No response

MSAL Configuration

export const msalConfig = {
    auth: {
        clientId: "{your-client-id}",
        authority: 'https://login.microsoftonline.com/{your-tenant-id}',
        redirectUri: "/",
        postLogoutRedirectUri: "/",
    },
    cache: {
        cacheLocation: "localStorage",
        storeAuthStateInCookie: false,
    },
};

Relevant Code Snippets

const handleLogout = () =>
    instance.logoutRedirect({
        postLogoutRedirectUri: '/',
    });

Reproduction Steps

Change the authority to ‘https://login.microsoftonline.com/{your-tenant-id}’ and log in using your credentials.
Log out and observe that you are not redirected back to the local host.
Update the authority to ‘https://login.microsoftonline.com/common’ and log in again.
Log out and notice that you are now redirected back to my application.

Expected Behavior

I anticipate that when logging out with the tenant ID in the authority URL, the browser should redirect the user to the application, similar to how it behaves when the authority URL contains “common”.

Identity Provider

Azure AD / MSA

Browsers Affected (Select all that apply)

Chrome

Regression

No response

Source

Internal (Microsoft)

About this issue

Original URL
State: open
Created a year ago
Reactions: 4
Comments: 41 (9 by maintainers)

Most upvoted comments

If you use useCallback it will work fine. Solved it for me, it was exactly the same problem.

const { instance } = useMsal();
const logout = useCallback(() => {
		instance.logoutRedirect({
			postLogoutRedirectUri: '/',
			mainWindowRedirectUri: '/',
		});
	}, [instance]);

gfmoreira on Nov 17, 2023

Hey @benaguitar, I had the exact same issue as you! I just made a new user in AD, logged in, and then logged out and was redirected back to the app correctly. It just doesn’t work for the primary admin user and external users.

@lalimasharda, looks like this same bug occurs for both @benaguitar and I.

chill0216 on Mar 12, 2023