Adal JS - 仅注销一个广告站点
Adal JS - Logout of just one AD site
我正在开发一个使用 ADAL JS 的 SPA。在调用 adalService.logOut() 之后,用户被正确地重定向到 microsoft oauth logout URL 并且注销发生得很好。但是,用户已注销所有 Microsoft 365 站点和所有其他使用 ADAL 的站点。
有没有办法只让用户退出这个站点?
不幸的是,ADAL JS 库的工作方式与您描述的一样。当调用注销函数时,它会清除整个缓存。根据维基:
https://github.com/AzureAD/azure-activedirectory-library-for-js/wiki/Login-methods#logout
Logout
When the logout method is called, the library clears the
application cache in the browser storage and sends a logout request to
the Azure AD instance's logout endpoint.
authContext.logOut(); The default behavior is to redirect the user to
window.location.href after logout. If a postLogoutRedirectUri value is
set at the config time, the user will be redirected to that URI.
手动注销的唯一其他方式。那就是,自己查看缓存,然后删除您有兴趣删除的信息。这将在某种程度上 "logout" 用户,因为您已经删除了对令牌的访问权限。
根据 wiki 的配置 Auth Context https://github.com/AzureAD/azure-activedirectory-library-for-js/wiki/Config-authentication-context:
cacheLocation - ADAL caches tokens in the browser storage which
defaults to 'sessionStorage'. You can set this to either
'localStorage' or 'sessionStorage'.
window.config = {
clientId: 'g075edef-0efa-453b-997b-de1337c29185',
cacheLocation: 'localStorage' // Default is sessionStorage
}; Tokens are accessible from JavaScript since ADAL.JS is using HTML5 browser storage. It is recommended to prompt users to login
again for important operations in your app. You should also protect
your site for XSS. Please check the article here:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
You can read further details about the other configurable options
here.
有关访问本地存储的更多信息,您可以在此处阅读:https://blog.logrocket.com/the-complete-guide-to-using-localstorage-in-javascript-apps-ba44edb53a36
用于存储的 MDN Web 文档可以在这里找到:https://developer.mozilla.org/en-US/docs/Web/API/Storage
我正在开发一个使用 ADAL JS 的 SPA。在调用 adalService.logOut() 之后,用户被正确地重定向到 microsoft oauth logout URL 并且注销发生得很好。但是,用户已注销所有 Microsoft 365 站点和所有其他使用 ADAL 的站点。
有没有办法只让用户退出这个站点?
不幸的是,ADAL JS 库的工作方式与您描述的一样。当调用注销函数时,它会清除整个缓存。根据维基: https://github.com/AzureAD/azure-activedirectory-library-for-js/wiki/Login-methods#logout
Logout When the logout method is called, the library clears the application cache in the browser storage and sends a logout request to the Azure AD instance's logout endpoint.
authContext.logOut(); The default behavior is to redirect the user to window.location.href after logout. If a postLogoutRedirectUri value is set at the config time, the user will be redirected to that URI.
手动注销的唯一其他方式。那就是,自己查看缓存,然后删除您有兴趣删除的信息。这将在某种程度上 "logout" 用户,因为您已经删除了对令牌的访问权限。
根据 wiki 的配置 Auth Context https://github.com/AzureAD/azure-activedirectory-library-for-js/wiki/Config-authentication-context:
cacheLocation - ADAL caches tokens in the browser storage which defaults to 'sessionStorage'. You can set this to either 'localStorage' or 'sessionStorage'.
window.config = { clientId: 'g075edef-0efa-453b-997b-de1337c29185', cacheLocation: 'localStorage' // Default is sessionStorage }; Tokens are accessible from JavaScript since ADAL.JS is using HTML5 browser storage. It is recommended to prompt users to loginagain for important operations in your app. You should also protect your site for XSS. Please check the article here: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
You can read further details about the other configurable options here.
有关访问本地存储的更多信息,您可以在此处阅读:https://blog.logrocket.com/the-complete-guide-to-using-localstorage-in-javascript-apps-ba44edb53a36
用于存储的 MDN Web 文档可以在这里找到:https://developer.mozilla.org/en-US/docs/Web/API/Storage