[MSAL Plugin] MSAL SignOut function triggers biometric facial detection in order to signout
Forge component by Walter Robins
Application Type

Hi Walter,

I have another question. I installed Outsystems Face Unlock forge widget.

This is used as a second level of security before user can access the login screens.

I have also implemented the Sign Out option on another screen 'Settings'.

However, I noticed that in order to sign out. The biometric face unlock will be trigger and only upon successfully detect the face, then it will sign out. Otherwise, it will not be able to sign out and an error is thrown showing 'The operation couldn't be completed. (OSStatus error -128.)

Please assist and advice.

Appreciate. Thank you so much.

Cheers and Regards

Darryl Ng

Hi again Darryl,

I think I understand what might be happening. If so, I've run into similar issues in my own apps. What happens is, if you aren't careful about your logic flows, you'll run into an infinite loop issue where it looks like your Face ID plugin is firing during the sign out process, but actually the following is happening:

  1. The user taps Sign Out
  2. Your business logic happens: the MSAL account is cleared and the OutSystems session is killed
  3. The user either stays on the Settings screen, or is possibly redirected somewhere, depending on your logic
  4. In either case, your app notices that your user doesn't have a session, and an exception is thrown
  5. This triggers the initial sign-in logic, and the Face ID plugin is invoked
  6. If the user passes, the app immediately tries to sign them in again

In many cases, these 6 steps can look instantaneous and can even look like it's trying to invoke the Face ID plugin before the user can be signed out. How you mitigate this depends on how your app is set up, but one solution is to create a landing screen with Anonymous access in which to dump the user upon signout, after step 2. This screen can thank the user for using your app and have a link to sign in again.

If this issue turns out to be something different let me know and I would be happy to assist further.



Hi Walt,

We did a quick test and realised that calling signout somehow triggers the faceid prompt.

when we put a prompt and covers our camera, we see the prompt in the below case while waiting for the face auth.

however when we put the prompt to after the signout, we do not see the prompt until our faceid gets registered.

do you have any suggestions on how we can go about doing this please?

any help is appreciated as we are not sure why we are hitting this :)

Hi Walter,

Tried to do below where it stays at the same screen, even then prompts face id for sign-out. Do we have any other choice for sign out where the face id does not appear? As we debug, we don't see any exception. Help advise. We appreciate it .thanks 

The graph API Signout triggers the biometric face id.. Please help on this regard. 

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.