I want change login account, but I don't know how to remove the old information (WebAuthenticationBroker)

Question

Hi all,

[Description]
I am using WebAuthenticationBroker to connect to Live server.

In the first time,
Input my account and password, and select "keep me signed in".

In the next time,
I don'd need input the account and password.

[My question]
Now!  I want change user account after I have select  "keep me signed in".

But I don't know how to do this.
I can't change user account, it always use my account to login.

Is any property or method can handle this issue?
Thanks

Answer 1

Hello,

 

Thanks for your feedback, I will involve more experts to investigate it.

 

Best regards,

Jesse

---

Jesse Jiang [MSFT]
MSDN Community Support | Feedback to us

Answer 2

Once the end User selects 'Keep Me Signed in' your application cannot change this.  This was a choice made by the user and not your app.

You can manually clear the credentials in Credman however.

Control Panel\User Accounts\Credential Manager

Inspect, change and remove stored credentials here!

-Jeff

---

Jeff Sanders (MSFT)

Answer 3

Hi jpsanders,

Thanks for your reply.
It's still login automatically after remove all the credentials(Web/Windows Credentials)
I also try to delete the IE cookie, but it's no use.

Is there any solution for this issue?

[Reproduce step]
1. Login Windows by local account
2. using WebAuthenticationBroker to connect Live server.

std::wstring _oauthUri;
_oauthUri += L"https://oauth.live.com/authorize?";
_oauthUri += L"client_id=";
_oauthUri += WebAuthenticationBroker::GetCurrentApplicationCallbackUri()->AbsoluteUri->Data();
_oauthUri += L"&scope=wl.signin wl.basic wl.skydrive";
_oauthUri += L"&response_type=token";
 
task<WebAuthenticationResult^> webAuthTask   
(WebAuthenticationBroker::AuthenticateAsync(WebAuthenticationOptions::None, ref new Uri(ref new String(_oauthUri.c_str()))));
webAuthTask.then([this](task<WebAuthenticationResult^> webAuthTask)
{
        WebAuthenticationResult^ result = webAuthTask.get();
        if (result->ResponseStatus == WebAuthenticationStatus::Success)
        {
            Uri^ responseUrl = ref new Uri(result->ResponseData);
	    std::wstring data = responseUrl->AbsoluteUri->Data();
	}
});

3. In the first time, it will show a dialog to input account and password.
   After input account and password, selects "Keep Me Signed "

4. Close app
5. Open app, and using WebAuthenticationBroker to connect Live server
6. login automatically. It doesn't give any option to change account

Answer 4

Hi Woody,

Thanks for the repro!

I think the credentials are actually stored cookies in this case and not managed be CredMan.  Interesting... I will do some more research and get back to you!

-Jeff

---

Jeff Sanders (MSFT)

Answer 5

Hi Woody,

The service actually controls the link between your app and your service.  The details of how each service stores this depends on the service itself.  In general you can clear the link by navigating to the appropriate page to break the link.  For example, in the People app you can link to your facebook account.  In order to disassociate your account the app provides a settings page entry for accounts.  Then you can click on the FB icon and this in turn simply navigates to the correct page (using a URL that contains the appid).  From there you can disassociate the app from the creds.

I would recommend you follow this same pattern in your case.

-Jeff

---

Jeff Sanders (MSFT)

Answer 6

Hi jpsanders,

Thanks for your reply.

https://profile.live.com/cid-05e72b03c01b3245/Services/?view=manage

I can review all service in this link by browser, and remove my app's "Sign you in automatically" permission.
And then, it doesn't login automatically when I lauhch my app in the next time

But, is there any solution by code?
I want implement a logout button, this button will help user to change account.

Thanks

Answer 7

Has this been resolved?  I am working on an app that uses OAuth 1.0A, and once I sign in and choose to remember my credentials, I can't ever clear out this information.  I'll forcibly delete my Oauth tokens, but when I try to launch the authenticate URL again, it still has my cookie and logs in immediately.

Thanks,

Brandon

Answer 8

You cannot delete your auth tokens from a Windows Store app.

The token is valid for the period of time it was issued by the service.  It is up to the service to expire or invalidate this token.

-Jeff

---

Jeff Sanders (MSFT)