I managed to do it this way:
$scope.redirectOutSistem = function() {
loadingOn();
//ESSA FUNCAO CONSTA NO ARQUIVO IS_MOBILE.JS
try {
if (is_running_on_ipad) {
//ESSA FUNCAO SO FUNCIONA QUANDO É NO IPAD
sendObjectMessage({name: 'App', company: 'Name'});
window.location.href = '/sair';
} else if (is_running_on_android) {
Android.sendObjectMessage({name: 'App', company: 'Name'});
} else {
if (typeof is_login !== 'undefined' && is_login) {
loadingOff();
} else {
window.location.href = '/sair';
}
}
} catch (e) {
//window.location.href = '/sair';
}
}
$(document.body).append('<iframe data-logout-office365 style="display:none" src="https://login.live.com/oauth20_logout.srf" allow-same-origin allow-scripts></iframe>');
$.ajax({
url: "https://login.live.com/oauth20_logout.srf",
type: "POST",
crossDomain: true,
dataType: "text/html",
success: function (response) {
$scope.redirectOutSistem();
window.open('https://login.microsoftonline.com/common/oauth2/v2.0/logout','_blank');
},
error: function (xhr, status) {
$scope.redirectOutSistem();
window.open('https://login.microsoftonline.com/common/oauth2/v2.0/logout','_blank');
}
});
Assuming I have understood correctly, I hope it doesn’t exist, otherwise any joker puts the link in a meta tag or src or any other and depresses users without confirmation. It is already this way to not have this kind of problem. Incidentally, many systems are like this, precisely to avoid mistakes and/ or bad intentions.
– Bacco
@Bacco, your information does not solve my problem, but I will leave it noted here in my notebook of programming notes on account security and users to study later your reasoning ok.
– Ivan Ferrer
There’s a good chance I didn’t understand the problem. Anyway it was what I saw right away if the idea is to unleash the user in a "non-interactive way".
– Bacco
The idea is for the user to know that it was dropped by his choice... (I’m offering a modal asking if he wants to close the microsoft 365 account), if he already said yes, why would I need one more step of choice? I can kill his account, if you haven’t noticed, example 3 already does it, only not in a nice way... understood. There even the funny one makes...
– Ivan Ferrer
The idea is to get away from iframe, bad idea to send this page under the table...
– Ivan Ferrer
"if he ever said yes, because I would need one more stage of choice?" Because you’re the one who’s claiming that he said yes (and it might not be true), and Microsoft would have to trust that you’re being "sincere". Being that the ideal would be you send him to MS saying that he wants to close, the user and MS get along. What might be a real solution would be for you to have a friendlier MS endpoint for integration (where the user would say whether to scroll down or go back to your application, maybe).
– Bacco
I know that, but I have client_id, IE, from the moment I am using a login done at the expense of a single app access, it in turn should allow me to dislodge the same, through this client_id, I am not wanting to terminate all accounts, but only the account in question where he accesses the content... specific. (and he’s not doing it intelligently, it’s badly done... it’s supposed to be just that it doesn’t work, the documentation is very confusing. :(
– Ivan Ferrer
Loaning the app is not the same as loaning the 365 user. I have Oauth2 applications with logoff, and in such cases if the user gets out of touch, I discard the credentials of my application, in which case the session token is "only mine". I do not know if you could apply something in this sense in your case (in mine, the negotiation is not done on the client side in web situations, but on the server).
– Bacco