question

kevinpetteys avatar image
0 Votes"
kevinpetteys asked XuDongPeng-MSFT edited

Multiple Microsoft account confuses MSAL in dev.azure.com

Issue
I have 4 Microsoft accounts. When I try to log in to dev.azure.com with account A using Microsoft Edge signed in as account B, it is trying to use account C to log in. I have restarted Edge, and it still tries to use Account C. Account C doesn't have an Azure Dev Ops organization, so it always asks me to create one.

My initial though
It seems this issue is bigger than just dev.azure.com not providing a logout button on this page. The real issue is Microsoft is caching accounts and allowing the cache between browser sessions. At a high level it seems like token hijacking because they have to be storing tokens outside the page and adding it to the session later. Ultimately, it's really concerning because it is not obvious when you are logging into a website. Oauth is supposed to help the users control access to their data, but how so if they don't even know when applications are using their data?

ms-edge
· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

XuDongPeng-MSFT avatar image XuDongPeng-MSFT ·

Hi @kevinpetteys ,

It looks like the issue is related to Microsoft account, for better understanding the issue, I want to confirm the following things with you:

  1. Does browser InPrivate/Incognito mode have the same problem?

  2. Do other MS resources have the same problem?

  3. Have you tried clearing your browser cache, does this work?

In addition, if only DevOps has this problem, I recommend that you open a new thread in the Developer Community.

0 Votes 0 ·

0 Answers