I am creating excel add-ins using office.js, react.js and JavaScript. We implemented authentication using OIDC-client library. Authentication is working and we are receiving access_token and user details but if we click on sign-off from desktop excel browser tab opens with "ping_end_session_endpoint" url with appending post_logout_redirect_uri which we provided as settings while creating the instance of userManager. And if we try to sign in again the same user session gets fetched and it is not giving challenge window to provide user name and password again.
Same flow is working on excel online web version (office365). Please see below is the code for reference.
const settings = {
authority: Constants.stsAuthority,
client_id: Constants.clientId,
redirect_uri: `${Constants.clientRoot}public/signin-callback.html`,
silent_redirect_uri: `${Constants.clientRoot}public/silent-renew.html`,
post_logout_redirect_uri: `${Constants.clientRoot}logout/logout.html`,
response_type: 'code',
scope: 'openid profile email api',
automaticSilentRenew: true,
state: true,
filterProtocolClaims: true,
loadUserInfo: true,
nonce: true,
clearHashAfterLogin: true,
monitorsession: true,
};
this.userManager = new UserManager(settings);
And on logout button click calling below method from userManager:
this.userManager.signoutRedirect()
On chrome excel online web version its working, its successfully invalidating user session by sending cookies in ping_end_session_endpoint url header.
But with desktop version on click of logout it opens default browser tab with "ping_end_session_endpoint" url and looks like it is not sending cookies.
can someone please help to check, is the implementation is correct? or anything I am missing. Is there any way to restrict it from excel to redirect it on browser.
