locked
I want change login account, but I don't know how to remove the old information (WebAuthenticationBroker)

    Question

  • Hi all,

    [Description]
    I am using WebAuthenticationBroker to connect to Live server.

    In the first time,
    Input my account and password, and select "keep me signed in".

    In the next time,
    I don'd need input the account and password.

    [My question]
    Now!  I want change user account after I have select  "keep me signed in".

    But I don't know how to do this.
    I can't change user account, it always use my account to login.

    Is any property or method can handle this issue?
    Thanks

    Monday, May 14, 2012 11:30 AM

Answers

  • Once the end User selects 'Keep Me Signed in' your application cannot change this.  This was a choice made by the user and not your app.

    You can manually clear the credentials in Credman however.

    Control Panel\User Accounts\Credential Manager

    Inspect, change and remove stored credentials here!

    -Jeff


    Jeff Sanders (MSFT)

    Tuesday, May 15, 2012 11:58 AM
    Moderator
  • Hi Woody,

    The service actually controls the link between your app and your service.  The details of how each service stores this depends on the service itself.  In general you can clear the link by navigating to the appropriate page to break the link.  For example, in the People app you can link to your facebook account.  In order to disassociate your account the app provides a settings page entry for accounts.  Then you can click on the FB icon and this in turn simply navigates to the correct page (using a URL that contains the appid).  From there you can disassociate the app from the creds.

    I would recommend you follow this same pattern in your case.

    -Jeff


    Jeff Sanders (MSFT)

    Thursday, May 17, 2012 3:00 PM
    Moderator
  • You cannot delete your auth tokens from a Windows Store app.

    The token is valid for the period of time it was issued by the service.  It is up to the service to expire or invalidate this token.

    -Jeff


    Jeff Sanders (MSFT)

    Thursday, January 31, 2013 4:18 PM
    Moderator

All replies

  • Hello,

     

    Thanks for your feedback, I will involve more experts to investigate it.

     

    Best regards,

    Jesse


    Jesse Jiang [MSFT]
    MSDN Community Support | Feedback to us

    Tuesday, May 15, 2012 6:20 AM
  • Once the end User selects 'Keep Me Signed in' your application cannot change this.  This was a choice made by the user and not your app.

    You can manually clear the credentials in Credman however.

    Control Panel\User Accounts\Credential Manager

    Inspect, change and remove stored credentials here!

    -Jeff


    Jeff Sanders (MSFT)

    Tuesday, May 15, 2012 11:58 AM
    Moderator
  • Hi jpsanders,

    Thanks for your reply.
    It's still login automatically after remove all the credentials(Web/Windows Credentials)
    I also try to delete the IE cookie, but it's no use.

    Is there any solution for this issue?

    [Reproduce step]
    1. Login Windows by local account
    2. using WebAuthenticationBroker to connect Live server.

    std::wstring _oauthUri;
    _oauthUri += L"https://oauth.live.com/authorize?";
    _oauthUri += L"client_id=";
    _oauthUri += WebAuthenticationBroker::GetCurrentApplicationCallbackUri()->AbsoluteUri->Data();
    _oauthUri += L"&scope=wl.signin wl.basic wl.skydrive";
    _oauthUri += L"&response_type=token";
     
    task<WebAuthenticationResult^> webAuthTask   
    (WebAuthenticationBroker::AuthenticateAsync(WebAuthenticationOptions::None, ref new Uri(ref new String(_oauthUri.c_str()))));
    webAuthTask.then([this](task<WebAuthenticationResult^> webAuthTask)
    {
            WebAuthenticationResult^ result = webAuthTask.get();
            if (result->ResponseStatus == WebAuthenticationStatus::Success)
            {
                Uri^ responseUrl = ref new Uri(result->ResponseData);
    	    std::wstring data = responseUrl->AbsoluteUri->Data();
    	}
    });

    3. In the first time, it will show a dialog to input account and password.
       After input account and password, selects "Keep Me Signed "

    4. Close app
    5. Open app, and using WebAuthenticationBroker to connect Live server
    6. login automatically. It doesn't give any option to change account

    Wednesday, May 16, 2012 4:00 AM
  • Hi Woody,

    Thanks for the repro!

    I think the credentials are actually stored cookies in this case and not managed be CredMan.  Interesting... I will do some more research and get back to you!

    -Jeff


    Jeff Sanders (MSFT)

    Wednesday, May 16, 2012 11:52 AM
    Moderator
  • Hi Woody,

    The service actually controls the link between your app and your service.  The details of how each service stores this depends on the service itself.  In general you can clear the link by navigating to the appropriate page to break the link.  For example, in the People app you can link to your facebook account.  In order to disassociate your account the app provides a settings page entry for accounts.  Then you can click on the FB icon and this in turn simply navigates to the correct page (using a URL that contains the appid).  From there you can disassociate the app from the creds.

    I would recommend you follow this same pattern in your case.

    -Jeff


    Jeff Sanders (MSFT)

    Thursday, May 17, 2012 3:00 PM
    Moderator
  • Hi jpsanders,

    Thanks for your reply.

    https://profile.live.com/cid-05e72b03c01b3245/Services/?view=manage

    I can review all service in this link by browser, and remove my app's "Sign you in automatically" permission.
    And then, it doesn't login
     automatically when I lauhch my app in the next time

    But, is there any solution by code?
    I want implement a logout button, this button will help user to change account.

    Thanks

    Friday, May 18, 2012 7:54 AM
  • Has this been resolved?  I am working on an app that uses OAuth 1.0A, and once I sign in and choose to remember my credentials, I can't ever clear out this information.  I'll forcibly delete my Oauth tokens, but when I try to launch the authenticate URL again, it still has my cookie and logs in immediately.

    Thanks,

    Brandon

    Thursday, January 24, 2013 10:09 PM
  • You cannot delete your auth tokens from a Windows Store app.

    The token is valid for the period of time it was issued by the service.  It is up to the service to expire or invalidate this token.

    -Jeff


    Jeff Sanders (MSFT)

    Thursday, January 31, 2013 4:18 PM
    Moderator