app service easyauth logout without logging out from provider

Question

I'm using "EasyAuth" on a web an Azure App Service.
https://learn.microsoft.com/en-us/azure/app-service/app-service-authentication-how-to

Everything works as expected but not the logout process. When I call https://mysite/.auth/logout from the browser, I lose my Microsoft account session in the browser and I find my self signed out from all Microsoft related website (e.g. outlook.com, onedrive, etc) because the logout process triggered by EasyAuth forces the logout from the identity provider instead of simply logging out from my web-site.
As far as I understand, this is mentioned in the documentation (link above):

For Azure Active Directory and Google, performs a server-side sign-out on the identity provider.

A question and a note:

• is there a way to logout from my webapp without loosing access to other microsoft services.
• the documentation mentions Google as same behavior but in my tests, when I logout during a visit authenticated by Google, I do not find my self kicked out of Google services. So I suppose documentation is wrong.

Any idea / suggestions?

Answer 1

Hi @fhtino , please let me know if you have any other questions down below

• is there a way to logout from my webapp without loosing access to other microsoft services.

Short answer is no. Easy Auth simply directs the call to the appropriate provider endpoints. Thusly would say that's the way the provider works. I verified this by signing out onedrive.com and navigating to outlook.com and vice versa. You get the same behavior.

• the documentation mentions Google as same behavior but in my tests, when I logout during a visit authenticated by Google, I do not find my self kicked out of Google services. So I suppose documentation is wrong.

I don't believe you can consider that same behavior. Server-side sign-out means your signing out of that service. However, it's still up to the provider however, as you may find similar behaviors when you sign out of AAD.