Hi everyone,
I’ve built a Flutter application that uses Firebase Authentication with Microsoft as an identity provider (via OAuth). Everything works great on sign-in — it launches the external browser (like Chrome Custom Tabs) and signs in correctly through the Microsoft account.
However, I’m facing issues with logging out. When the user logs out from the app, I try calling the Microsoft logout endpoint (https://login.microsoftonline.com/common/oauth2/v2.0/logout), but this doesn’t seem to truly clear the session. If I close and reopen the app, the external browser still remembers the session, and the user is signed in automatically without needing credentials.
What I want:
- A complete sign-out that forgets the Microsoft session.
- OR, the ability to use an in-app WebView where I can control the cache/cookies — but Firebase doesn’t seem to support that.
- Alternatively, I’m open to using OAuth directly (without Firebase), using `flutter_appauth` or `oauth2` packages, and connecting directly through my Azure AD app registration.
What I’ve tried:
- Logging out via Firebase `signOut()`.
- Hitting the Microsoft logout URL.
- Clearing WebView cache (but it doesn’t apply to the external browser).
- I read that Custom Tabs or Safari ViewController keep session cookies by design for SSO, so the login sticks even after logout.
Questions:
- Is there any recommended way to fully log out when using Microsoft login via Firebase?
- Would switching to a direct OAuth approach (e.g., `flutter_appauth`) give me more control over sessions and cache?
- Has anyone had success using in-app WebViews for OAuth and managing login/logout behavior effectively?
Thanks in advance!