A web app that calls web APIs: Remove accounts from the token cache on global sign-out

You learned how to add sign-in to your web app in "Web app that signs in users: Sign-in and sign-out".

Sign-out is different for a web app that calls web APIs. When the user signs out from your application, or from any application, you must remove the tokens associated with that user from the token cache.

Intercept the callback after single sign-out

To clear the token-cache entry associated with the account that signed out, your application can intercept the after-logout event. Web apps store access tokens for each user in a token cache. By intercepting the after-logout callback, your web application can remove the user from the cache.

Microsoft.Identity.Web takes care of implementing sign-out for you. For details, see the Microsoft.Identity.Web source code.
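The cache clean-up that an after-logout callback has to perform, shown as an added example that is not Microsoft.Identity.Web's code. The class `PerUserTokenCache`, the account key built from the `oid` and `tid` claims, and all sample accounts and token strings are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Claims;

// Hypothetical per-user token cache: one partition of tokens per signed-in account.
public sealed class PerUserTokenCache
{
    private readonly ConcurrentDictionary<string, ConcurrentDictionary<string, string>> _partitions = new();

    // Assumption of this example: an account is identified by its "oid" and "tid" claims.
    private static string? AccountKey(ClaimsPrincipal user) =>
        user.FindFirst("oid")?.Value is string oid && user.FindFirst("tid")?.Value is string tid
            ? oid + "." + tid : null;

    public void Store(ClaimsPrincipal user, string scope, string accessToken) =>
        _partitions.GetOrAdd(AccountKey(user) ?? throw new InvalidOperationException("no account claims"),
            _ => new ConcurrentDictionary<string, string>())[scope] = accessToken;

    public string? Find(ClaimsPrincipal user, string scope) =>
        AccountKey(user) is string key && _partitions.TryGetValue(key, out var tokens)
            && tokens.TryGetValue(scope, out var token) ? token : null;

    // Call this from the after-logout callback. It drops every token of the account at once,
    // returns how many were removed, and does nothing when the callback fires a second time.
    public int RemoveAccount(ClaimsPrincipal user) =>
        AccountKey(user) is string key && _partitions.TryRemove(key, out var tokens) ? tokens.Count : 0;
}

public static class Program
{
    private static ClaimsPrincipal User(string oid) => new ClaimsPrincipal(new ClaimsIdentity(
        new[] { new Claim("oid", oid), new Claim("tid", "constructed-tenant") }, "constructed"));

    public static void Main()
    {
        var cache = new PerUserTokenCache();
        ClaimsPrincipal alice = User("alice"), bob = User("bob");   // constructed sample accounts
        cache.Store(alice, "user.read", "alice-token-1");
        cache.Store(alice, "api://constructed/read", "alice-token-2");
        cache.Store(bob, "user.read", "bob-token-1");

        Console.WriteLine("removed on sign-out: " + cache.RemoveAccount(alice));
        Console.WriteLine("removed on repeated callback: " + cache.RemoveAccount(alice));
        Console.WriteLine("alice still cached: " + (cache.Find(alice, "user.read") != null));
        Console.WriteLine("bob still cached: " + (cache.Find(bob, "user.read") != null));
    }
}
```

Removing the whole partition rather than individual tokens ensures that no token for any downstream API survives the sign-out, while other users' entries stay untouched.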

Next steps