Azure AD B2C用户重置密码的方式？

Question

Azure AD B2C用户有几种方式可以重置密码？

我所知道的已经有密码重置用户流以及密码重置自定义策略。

除了这两种方式，还有其他的方式吗？
Graph API可以重置吗？

如果有其它的方式，能提供一个详细的示例吗？

Answer 1

Hi @Zhang, Jiawang/张 家旺 • Thank you for reaching out.

I understood that you want to know how can we reset passwords in Azure AD B2C apart from user flow or custom policy.

You can use the Graph API method to reset the password but it can only be done by using the standard Azure AD Functionality of the B2C tenant. This means, if you register an application in the B2C tenant using the first 2 options, you can use Graph API with Directory.AccessAsUser.All permission but these applications don't support user flows. So you will have to use the login.microsoftonline.com/your_tenant endpoint to acquire the access token for the password reset calls and not the your_tenant.b2clogin.com endpoint.

If you select the third option during app registration, you will not be able to use the application for password reset as Graph API permission Directory.AccessAsUser.All won't be available. In this case, you will have to use the password reset using user flow or custom policy.

After you acquire the token, you need to use the token as the bearer token in the authorization header and make the below graph call to reset the password.

Call: POST https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/authentication/passwordMethods/{id}/resetPassword  
Body:  
{  
"newPassword": "newPasswordvalue",  
}  

If you don't know the passwordMethods ID, you can use below GET call to find that:

GET https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/authentication/passwordMethods/  

To test these calls, you can also use Graph Explorer

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.