How to force 2FA after logout on single account?

[JacobMaldonado]

Hello everyone, I'm trying to logout and i am using app.signOut() but the problem is that when a user try to log in again it is not asked for password or 2FA, which could be a security issue.
How can I achieve this behavior?

[bgore]

I have experienced the same behavior (problem) after signout: signing back in does not prompt for a password. Given that a device wipe was occurred as part of the protection policy, this seems like a security hole. Is this expected behavior from the MSAL library?
If so, are there any APIs that will clear user credentials (from the Portal, WebView, or whatever is caching them)?