Share via

login_hint and logout_hint do not work with Azure Static Web App

AndrewElans 0 Reputation points
2025-12-12T16:08:00.2866667+00:00

SWA is created, hosting plan is upgraded to standard. New app registration created with:

  1. a new client secret name and value and passed in the auth key of staticwebapp.config.json
  2. In Token configuration -> optional claim login_hint is added to ID token.

Login is verified by going to /.auth/me where clientPrincipal object is filled with all details like claims including login_hint:

...
{
  "typ": "login_hint",
  "val": "O.CiQyMTczM2I...LmNvbSCpAQ=="
},
...

Further scenarious:

  1. If user is not logged in, navigating https://url.azurestaticapps.net/.auth/login/aad?login_hint=user1[AT]..onmicrosoft.com is requesting to select account.
  2. If user1 is logged in, navigating to https://url.azurestaticapps.net/.auth/login/aad?logout_hint=user1[AT]..onmicrosoft.com is requesting to select account to sign out.
  3. If user1 is logged in, navigating to https://url.azurestaticapps.net/.auth/login/aad?login_hint=user2[AT]..onmicrosoft.com is redirecting to home page, route .auth/me still has information that user1 is signed in.

Microsoft, please fix.

Ref. same issue in this 6 months old thread https://dori-uw-1.kuma-moon.com/en-us/answers/questions/edit/2286706/answer/12427866

Azure Static Web Apps
Azure Static Web Apps
An Azure service that provides streamlined full-stack web app development.
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-12-12T16:08:10.06+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    It seems you are experiencing issues with the login_hint and logout_hint parameters in Azure Static Web Apps (SWA). Based on the context provided, here are some insights:

    1. Login Hint Behavior: When using the login_hint parameter, if the user is not logged in, it typically prompts for account selection. This is expected behavior, as the system needs to determine which account to authenticate.
    2. Logout Hint Behavior: Similarly, when using the logout_hint parameter while the user is logged in, the system may still prompt for account selection. This could be due to the way the logout process is handled in SWA, which may not fully support the logout_hint functionality as intended.
    3. Multiple Accounts: If a user is logged in and you attempt to use a different login_hint, it may not switch accounts as expected. This could indicate that the session management in SWA is not recognizing the change in user context properly.

    These behaviors suggest that there might be limitations or bugs in the current implementation of Azure Static Web Apps regarding the handling of login_hint and logout_hint. It may be beneficial to provide feedback to Microsoft or check for updates on this issue in the Azure community or support channels.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.