Nugetgallery: Signing out of NuGet.org does not sign me out of MSA login

Created on 7 Dec 2017 · 10Comments · Source: NuGet/NuGetGallery

Related to the current MSA/AAD/2FA work:

Sign in to NuGet.org using MSA account1
Sign out
Try to sign in to NuGet.org (hoping to sign in using another MSA account2)
You get signed in automatically with account1. You are never completely signed out.

Expected:

Signing out should sign me out of NuGet.org account
On clicking 'Sign in' it should prompt me the MSA sign in screen.
If I enter the same account1 email address, the sign in should happen automatically as I was already signed in to MSA
If I use another MSA account2, I should be prompted for password and 2FA (if req) just like normal MSA sign in process.

Gallery UI Security Priority - 1 Verified-Dev Verified-Int

Source

anangaur

Most helpful comment

We've encountered the same issue (@kzu) and found a workaround.

If you have signed in using Account 1, go to some website (*.visualstudio.com) where you're signed in using the same account, then sign out of there. Go back to nuget.org, sign out of there. Then, when signing back on nuget.org it will offer the account picker again.

KirillOsenkov on 8 Sep 2018

👍2

All 10 comments

was fixed.

skofman1 on 24 Aug 2018

Happens again...

skofman1 on 30 Aug 2018

Note that a couple of customers have successfully worked around the problem by using an InPrivate/Incognito browser window.

joelverhagen on 31 Aug 2018

Using Firefox seems to be another workaround.

joelverhagen on 31 Aug 2018

Don’t see a label for regression.

anangaur on 31 Aug 2018

we don't have one.. it's Priority 1 so will fix ASAP

skofman1 on 31 Aug 2018

We've encountered the same issue (@kzu) and found a workaround.

KirillOsenkov on 8 Sep 2018

👍2

@KirillOsenkov - apologies for the regression caused by a change on Azure Identity side. I have made a concrete fix for the issue and is in pipeline to be deployed in couple of days.

https://github.com/NuGet/NuGetGallery/pull/6400