Question (asked by CarolLai-5934)

AAD B2C: forget password doesn't work in sign up and sign in user flow

I created a sign up and sign in user flow as the following.
95628-runflow.png

It showed the following sign in page.
95741-signin.png

I typed in the email and clicked on "Forgot your password?", but I get an access denied message.
95669-error.png



1 Answer

amanpreetsingh-msft answered:

Hi @CarolLai-5934, thank you for reaching out.

The behavior you have mentioned is the expected behavior in legacy password reset flow:

  1. The user selects the Forgot your password? link. Azure AD B2C returns the AADB2C90118 error code to the application.

  2. Your application must be written to handle the error code and initiate a new authorization request. The authorization request specifies the password reset policy name, such as B2C_1_pwd_reset. To see an example of this, take a look at a simple ASP.NET sample, which demonstrates the linking of user flows.

To switch from the legacy to the recommended password reset flow, follow the steps below. In this case, your application is not required to handle the AADB2C90118 error code; B2C takes care of it.

  1. Azure AD B2C > Select User flows > Select a sign-up or sign-in user flow (of type Recommended) that you want to customize > Select Properties > Under Password configuration, select Self-service password reset.

  2. Under Customize in the left menu, select Page layouts > In the Page Layout Version, choose 2.1.3 or above > Select Save.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


@amanpreetsingh-msft

Does the new recommended password reset flow break the password reset policy when an app is using a custom policy for the password reset policy?

I'm getting an AADB2C90118 error code with the following policy setup in my appsettings.json file.

95969-custompolicy3.png

That's why I tested the user flow to see if I'm getting the same error.

The policy I'm basing mine on is LocalAccounts from https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/LocalAccounts.

96034-custompolicy1.png
When I click the "Forgot your password?" link, I get the AADB2C90118 error code.


96058-custompolicy2.png




Hi @amanpreetsingh-msft ,
what about the sign-in-flow (not signInSignUp)? It seems like this flow does not include a sub-journey. It would be great to include it there since we don't allow a self-service-sign-up for local accounts.

Michael


Hi @CarolLai-5934, in the new password reset flow, when a user clicks on the forgot password link, we don't call the separate user flow/custom policy created for password reset. The signuporsignin policy invokes a subjourney to initiate password reset without calling a separate user flow/policy.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
