Azure B2C signin-oidc Password Reset - OpenIdConnectProtocolException - invalid_grant

Chilberto 231 Reputation points

Sign-in and Sign-out flows are working correctly without an error. The password reset is working - the password is changed and the user flow test shows the claims being created correctly.

The issue I am facing is on the redirect. This ends with:
Message contains error: 'invalid_grant', error_description: 'AADB2C90088: The provided grant has not been issued for this endpoint. Actual Value : B2C_1_si and Expected Value : B2C_1_reset

My configuration is pretty simple:
"AzureAdB2C": {
"Instance": "****",
"ClientId": "***",
"CallbackPath": "/signin-oidc",
"Domain": "",
"SignUpSignInPolicyId": "b2c_1_si",
"ResetPasswordPolicyId": "b2c_1_reset",
"EditProfilePolicyId": "b2c_1_edit_profile",
"ClientSecret": "****",
"B2cExtensionAppClientId" :"****"

And my configuration in Startup:

        services.AddAuthorization(options =>  
            options.FallbackPolicy = options.DefaultPolicy;  
            options.AddPolicy("IsNewUser", policy => policy.RequireClaim("newUser"));  

I am able to test the user flow without issue. You can see the claim being returned here:

So, do I need to somehow redirect to a different endpoint?

Cheers - Jeff

A set of technologies in the .NET Framework for building web applications and XML web services.
4,263 questions
Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,688 questions
{count} votes

Accepted answer
  1. Chilberto 231 Reputation points

    Figured it out... and, like most cases, the answer or clue was in the documentation.

    This was an upgraded project so the reset was set in the application settings. This confusing things. I was able to perform the reset but the result returned was for the sign up user flow. So this confused the framework.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful