Hey Robert, sorry to not respond sooner, I only just realized I was not getting notifications emailed to me. You may have gotten this sorted by now, but if not-
Is there a hard requirement for your process that the id_token be provided for logout?
I don't use that functionality, and it can be disabled within Azure AD B2C in the 'Properties' of the specific User Flow, under 'Session Behavior' -> 'Require ID Token in logout requests'
If it is a hard requirement, you could (this is what I have done in a current implementation) store the token from B2C within the NextAuth JWT. You can see an example of this in my comment here: github.com/nextauthjs/next-auth/is... specifically in the callbacks property.
Hey Ben, hope you are well! No problem, it wasn't a hard requirement; my team wanted the `id_token` to be required in the logout request "for security reasons" which I don't agree with adding the extra overhead. But, that aside, I managed to implement this a while ago as you also advised.
Cheers again for this article and take care!
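The approach from the first comment above (keeping the B2C `id_token` in the NextAuth JWT through `callbacks` so it can be sent as `id_token_hint` on logout), shown as an added example that is not code from either commenter. The `idToken` field name, the `buildB2CLogoutUrl` helper, and the tenant, user flow and URLs used with it are assumptions made for illustration.

```javascript
// Added example, not code from the thread. Field and helper names are hypothetical.

// Shape of the `callbacks` option passed to NextAuth().
const callbacks = {
  // `account` is only populated on the initial sign-in call; on later calls it
  // is undefined, so the id_token has to be carried forward inside `token`.
  jwt({ token, account }) {
    if (account?.id_token) {
      token.idToken = account.id_token;
    }
    return token;
  },
  // No `session` callback copies idToken to the client: the value is only
  // needed server-side when the logout redirect is built.
};

// Builds the Azure AD B2C end-session URL for a user flow.
function buildB2CLogoutUrl({ tenant, userFlow, idToken, postLogoutRedirectUri }) {
  // tenant and userFlow end up in the host and path, so restrict them to
  // plain name characters before interpolating.
  if (!/^[a-z0-9-]+$/i.test(tenant)) throw new Error("invalid tenant name");
  if (!/^[A-Za-z0-9_-]+$/.test(userFlow)) throw new Error("invalid user flow name");
  // With 'Require ID Token in logout requests' enabled, a request without the
  // hint is rejected, so fail early instead of redirecting to an error page.
  if (!idToken) throw new Error("no id_token stored in the JWT");

  const url = new URL(
    `https://${tenant}.b2clogin.com/${tenant}.onmicrosoft.com/${userFlow}/oauth2/v2.0/logout`
  );
  url.searchParams.set("id_token_hint", idToken);
  url.searchParams.set("post_logout_redirect_uri", postLogoutRedirectUri);
  return url.toString();
}
```

Storing the `id_token` makes the NextAuth session cookie larger, which is part of the overhead mentioned in the reply.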