The issue with the "logout" function is that the popup window that opens does not close.

[rkocur]

Issue

Hello,

The callback URIs are defined in the Azure AD portal.

tr.edu.ozyegin.myozutest://oauth/redirect/
tr.edu.ozyegin.myozutest://oauth/logged_out/

For login:

When you run the following code, it opens a login window where, after entering the email and password, the automatically opened window closes successfully. There is no problem with the authorize function.

await authorize({
   issuer: 'https://login.microsoftonline.com/xxx/v2.0',
  clientId: 'xxx',
  redirectUrl: 'tr.edu.ozyegin.myozutest://oauth/redirect/',
  scopes: ['openid', 'profile', 'email'],
  iosPrefersEphemeralSession: true,
});

However, when logging out, the window that opens does not automatically close. There is a problem with this:

await logout({
        issuer: 'https://login.microsoftonline.com/xxx/v2.0',
        clientId: 'xxx',
        iosPrefersEphemeralSession: true,
      }, {
      idToken: 'xxx',
      postLogoutRedirectUrl: 'tr.edu.ozyegin.myozutest://oauth/logged_out/',
    });

I am sharing the video as attached.

out.mp4

What should I do?

---

Environment

• Your Identity Provider: Azure AD
• Platform that you're experiencing the issue on: both
• Your react-native Version: e.g. 0.75.4
• Your react-native-app-auth Version: e.g. 8.0.1
• Are you using Expo?: No

[carbonrobot]

See the following issue for help in resolving this. Azure AD requires a very specific setup in your azure AD account and RN application in order for logout redirect to work properly.

[rkocur]

Hello carbonrobot,

I've already followed all the necessary steps. Just to be sure, I executed these commands and the application opens correctly, so I don't think the issue is related to the deeplink.

npx uri-scheme open "tr.edu.ozyegin.myozutest://oauth/logged_out" --ios
npx uri-scheme open "https://my.ozyegin.edu.tr/.oauth/logged_out" --ios

The main issue arises in the react-native-app-auth module when using Xcode, with the following error message:

Background Task 3 ("Called by myozu, from __152-[RNAppAuth issuer:idTokenHint:postLogoutRedirectURL:serviceConfiguration:additionalParameters:iosCustomBrowser:prefersEphemeralSession:resolve:reject:]_block_invoke"), was created over 30 seconds ago. In applications running in the background, this creates a risk of termination. Remember to call UIApplication.endBackgroundTask(_:) for your task in a timely manner to avoid this.

Thank you.

[carbonrobot]

You might try configuring your postLogoutRedirectUrl as a universal link. We don't have any maintainers familiar with the current state of Azure, so we need some community support to debug further. I am basing this off the comments here from a Microsoft engineer

- postLogoutRedirectUrl: 'tr.edu.ozyegin.myozutest://oauth/logged_out/',
+ postLogoutRedirectUrl: 'https://my.ozyegin.edu.tr/.oauth/logged_out',

[carbonrobot]

Duplicate of #916, but I will move the discussion here since that issue is much older.

[rkocur]

I discovered that the issue was due to adding the iosPrefersEphemeralSession parameter.

I included this parameter to avoid the alert message 'XXX Wants to Use "microsoftonline.com" to Sign In.'

Yes, I tested it by removing the iosPrefersEphemeralSession parameter, and it worked!

When we use the iosPrefersEphemeralSession parameter, it doesn't redirect with the postLogoutRedirectUrl in Azure AD. I'm not sure whether the issue is related to Azure AD or the react-native-app-auth module.

without.mp4

[rkocur]

There is no problem on Android. If others face issues on Android, I am sharing some code:

• Ensure that the following is added in your build.gradle file:

  manifestPlaceholders = [
    appAuthRedirectScheme: 'com.myapp'
  ]

• Verify the app com.myapp on your domain by ensuring that https://DOMAIN/.well-known/assetlinks.json is uploaded. You can use the Android Studio "App Links Assistant" tool for assistance.
  

• Ensure "com.myapp://oauth/redirect" and "https://domain/.oauth/logout" are added under "Mobile and desktop applications Redirect URIs" in Azure AD.

• In the AndroidManifest.xml file:

  <activity android:name=".MainActivity"...>...</activity>
  <activity android:name="net.openid.appauth.RedirectUriReceiverActivity">
              <intent-filter>
                <action android:name="android.intent.action.VIEW" />
                <category android:name="android.intent.category.DEFAULT" />
                <category android:name="android.intent.category.BROWSABLE" />
                <data android:scheme="com.myapp" />
                <data android:scheme="https" />
                <data android:host="DOMAIN" />
                <data android:pathPattern="/.oauth/logout" />
              </intent-filter>
  </activity>

• In your authorize function:

  authorize({
    issuer: 'https://login.microsoftonline.com/[TENANT_ID]/v2.0',
    clientId: 'xxx',
    redirectUrl: 'com.myapp://oauth/redirect',
    scopes: ['openid', 'profile', 'email']
  });

• In your logout function:

  logout({
    issuer: 'https://login.microsoftonline.com/[TENANT_ID]/v2.0',
  }, { idToken, postLogoutRedirectUrl: 'https://domain/.oauth/logout' });

[rkocur]

If you don't want to use the iosPrefersEphemeralSession parameter and are experiencing issues with the logout screen on iOS, I'd like to offer some help.

• Ensure that in the apple-app-site-association file, the appID and the "/.oauth/logout" path are correctly defined. You can use AASA Validator to verify that the "Domain Server Content" and "Apple CDN Content" are synchronized.
  

• Follow the instructions under the "Register redirect URL scheme" and "Define openURL callback in AppDelegate" sections on the React Native App Auth documentation and ensure everything is correctly set up.

• For the authorize function, use:

authorize({
  issuer: 'https://login.microsoftonline.com/[TENANT_ID]/v2.0',
  clientId: 'CLIENT_ID',
  redirectUrl: 'com.myapp://oauth/redirect',
  scopes: ['openid', 'profile', 'email'],
});

• For the logout function, use:

logout(
  {
    issuer: 'https://login.microsoftonline.com/[TENANT_ID]/v2.0',
  },
  {
    idToken,
    postLogoutRedirectUrl: 'https://DOMAIN/.oauth/logout',
  }
);

I hope the code I shared above for iOS and Android has been helpful without using the iosPrefersEphemeralSession parameter.

[rkocur]

Here is an explanation from Microsoft Engineering:

"If there is no session, no redirects happen, but if there is a session, AAD does redirect the user to the post_redirect_uri as mentioned in the request."

Because of this, using the iosPrefersEphemeralSession parameter means we don't need a logout function. This is demonstrated in one of Microsoft's examples, "msgraph-sample-react-native," which uses the iosPrefersEphemeralSession parameter. In this code, there is no logout function. Instead, it's sufficient to delete the stored token information and redirect to the login screen.

[carbonrobot]

Good info, I will try to capture this in the documentation in some way.