Hello Ben. Hope you are well and thanks for an amazing tutorial!
When I do the FULL signout with Azure B2C, it requires this id_token_hint which I need to attach basically as a query parameter as so:
https://${process.env.AUTH_TENANT_NAME}.b2clogin.com/${process.env.AUTH_TENANT_NAME}.onmicrosoft.com/${process.env.USER_FLOW}/oauth2/v2.0/logout?post_logout_redirect_uri=${process.env.NEXTAUTH_URL}/auth/signout&id_token_hint=${id_token_hint}
Basically that is my id_token that I got when signing in and it's stored in the session. How can I retrieve this token to attach it to my request URL? Or would it be possible to resolve this in a different way?
Cheers,
Robert

Hey Robert, sorry to not respond sooner, I only just realized I was not getting notifications emailed to me. You may have gotten this sorted by now, but if not-
Is there a hard requirement for your process that the id_token be provided for logout?
I don't use that functionality, and it can be disabled within Azure AD B2C in the 'Properties' of the specific User Flow, under 'Session Behavior' -> 'Require ID Token in logout requests'
If it is a hard requirement, you could (this is what I have done in a current implementation) store the token from B2C within the NextAuth JWT. You can see an example of this in my comment here: github.com/nextauthjs/next-auth/is... specifically in the callbacks property.

Hey Ben, hope you are well! No problem, it wasn't a hard requirement, my team wanted the id_token to be required in the logout request "for security reasons" which I don't agree with adding the extra overhead. But, that aside I managed to implement this a while ago as you also advised.
Cheers again for this article and take care!
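
The approach discussed in this thread, as an added example that is not code from either commenter or from the linked GitHub comment: a NextAuth v4-style `callbacks` object that keeps the B2C `id_token` in the NextAuth JWT, and a helper that builds the logout URL from the question with its parameters URL-encoded. The field name `idToken`, the helper `buildB2CLogoutUrl` and its parameter names are assumptions made for illustration.

```javascript
// Added example. Callback shapes follow NextAuth v4: jwt({ token, account })
// and session({ session, token }); pass this object as `callbacks` in the
// NextAuth options.
const callbacks = {
  // `account` is only present on the sign-in call; later calls carry only
  // `token`, so the value stored here persists for the life of the JWT.
  jwt({ token, account }) {
    if (account?.id_token) {
      token.idToken = account.id_token; // `idToken` is a hypothetical field name
    }
    return token;
  },
  // The session object is returned to the browser. The id_token is left out
  // of it on purpose: the logout URL can be built server-side, for example in
  // an API route that reads the JWT with getToken({ req }) from next-auth/jwt.
  session({ session }) {
    return session;
  },
};

// Builds the B2C logout URL shown in the question. URL and searchParams
// handle the encoding of the redirect URI and the token.
function buildB2CLogoutUrl({ tenant, userFlow, baseUrl, idToken }) {
  if (!idToken) {
    throw new Error("no id_token stored for this session");
  }
  const url = new URL(
    `https://${tenant}.b2clogin.com/${tenant}.onmicrosoft.com/${userFlow}/oauth2/v2.0/logout`
  );
  url.searchParams.set("post_logout_redirect_uri", `${baseUrl}/auth/signout`);
  url.searchParams.set("id_token_hint", idToken);
  return url.toString();
}
```

The `post_logout_redirect_uri` must match a redirect URI registered for the application in B2C, and the B2C logout redirect should happen after the local NextAuth session has been cleared.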