Hi
I am trying to use one of your APIs to reset user's passwords from our app using the Graph API under Azure AD B2C
So far, I have a majority of the user flows working:
- Finding users by email address
- Getting user info and extensions by ID
- Create new users with their email address and chosen password
But the one thing I cannot get to work is changing their password. We have our own flows to verify the user, so our API is really just trying to set their password.
We are using this beta API to try and accomplish it because it didn't seem like there was a better API to use: https://learn.microsoft.com/en-us/graph/api/passwordauthenticationmethod-resetpassword?view=graph-rest-beta&tabs=http
For some context, we are using Node.js and the following code is how we're authenticating to the Graph API. Again, this works for everything but password reset.
const getClientCredentials = oauth.client(axios.create(), {
url: `https://login.microsoftonline.com/${process.env.AAD_TENANT_ID}/oauth2/v2.0/token`,
grant_type: 'client_credentials',
client_id: process.env.AADU_CLIENT_ID,
client_secret: process.env.AADU_CLIENT_SECRET,
scope: TOKEN_SCOPE
});
const instance = axios.create();
instance.interceptors.request.use(
oauth.interceptor(tokenProvider, getClientCredentials)
);
This is what we're doing to reset a user's password (this.id
being the User's ID in Azure)
First, we fetch their authentication methods to find their password authentication method.
const response = await instance.request({
baseURL: API_URI,
url: `/beta/users/${this.id}/authentication/methods`,
method: 'get'
});
return response.data.value; //Returns an array which we get the ID from
return instance.request({
baseURL: API_URI,
url: `/beta/users/${this.id}/authentication/passwordMethods/${authID}/resetPassword`,
method: 'post',
data: {
newPassword
}
});
But this is the error we get from the API, which comes back as JSON in a string:
{\"error\":{\"code\":\"BadRequest\",\"message\":\"Upn from claims with value null is not a valid upn.\",\"innerError\":{\"request-id\":\"4668534c-c4b0-4c4a-b979-c39662c1f7dd\",\"date\":\"2021-01-25T14:38:40.7851202Z\"}}}
My head has been spinning on this for days and from my research, nothing is standing out. Any insight anyone might have would be greatly appreciated.