question

ZhangJiawang-9777 asked amanpreetsingh-msft commented

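Changing a user's password in Azure AD B2C

I need to change a user's password using B2C. I have tried the following 3 approaches, and each of them has some problem.

1. https://docs.microsoft.com/en-us/graph/api/user-changepassword?view=graph-rest-1.0&tabs=http
This approach seems to work only with a token obtained by signing in through a user flow.
At the moment, the access_token obtained through B2C apparently cannot be used to call the Graph API, so this route does not seem to work.
So, how can B2C be used together with the Graph API?

2. https://docs.microsoft.com/en-us/graph/api/passwordauthenticationmethod-resetpassword?view=graph-rest-beta&tabs=http
It seems this approach can reset a user's password directly, but I got the following error.

187184-image.png

Because the token was obtained through a flow without a user, it naturally does not contain a specific UserPrincipalName field. How should this problem be solved?
How can I change a specific user's password through a flow without a user?

3. https://docs.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http
This approach updates the password by updating the user's password profile.
But I got the following error:
187183-image.png

I think the message means the permissions are insufficient.
The Directory.AccessAsUser.All permission apparently has to be of the delegated permission type, but the one I added is of the *application permission* type, because in B2C the only delegated permissions are openid and offline_access. How should I handle this?

Also, even with a B2C password reset flow that I created, it seems I still cannot change the user's password.

187204-image.png

After this screen, it did not go on to the change-password screen but went back to the sign-in page instead.

Any approach is fine; I just want to change a B2C user's password. What should I do?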

Tags: azure-ad-b2c, microsoft-graph-applications, azure-ad-passwordless-authentication

Hi @ZhangJiawang-9777 Has your problem been resolved? Are there any updates?


Hi @ZhangJiawang-9777 • I have posted an alternative solution to this problem on the other thread that you have opened: https://docs.microsoft.com/en-us/answers/questions/798504/index.html


1 Answer

CarlZhao-MSFT answered CarlZhao-MSFT commented

Hi @ZhangJiawang-9777

First go to your application's Manifest blade, then find the signInAudience property and change it to: AzureADMyOrg. This will ensure that your application can be granted the Directory.AccessAsUser.All delegated permission.

187336-2022-03-28-135610.png

Also, if you call the Graph API then you must use an Azure AD based authentication flow (e.g. ROPC flow or auth code flow) to get the token. Tokens for a user flow or custom policy can only be used to call the web API and not the Graph API.

187298-image.png


If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Hi @ZhangJiawang-9777 Would you please provide us with an update on the status of your issue?
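
To illustrate the answer's point that user flow or custom policy tokens cannot be used against the Graph API, here is an added example (not code from this thread or from Microsoft) that triages an access token by its claims before it is sent to Graph; it goes slightly further by also separating delegated from app-only Graph tokens. The claim heuristics (`tfp`/`acr` policy prefix, `b2clogin.com` issuer), the helper names and all sample values are assumptions, and the decode does not verify signatures.

```python
import base64
import json

# Audience values a Microsoft Graph access token carries (URI or well-known app ID).
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}


def jwt_claims(token):
    """Decode the JWT payload for triage. The signature is NOT verified here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def classify_token(token):
    """Return which kind of token this is, judged only from its claims."""
    c = jwt_claims(token)
    policy = str(c.get("tfp") or c.get("acr") or "").lower()
    # Assumption: B2C policy tokens name the policy (B2C_1_* / B2C_1A_*) in
    # tfp or acr and are issued from a b2clogin.com authority.
    if policy.startswith("b2c_1") or ".b2clogin.com/" in c.get("iss", ""):
        return "b2c-policy-token"  # usable for your own web API, not for Graph
    aud = c.get("aud")
    if not set(aud if isinstance(aud, list) else [aud]) & GRAPH_AUDIENCES:
        return "other-audience"
    # Delegated tokens carry scopes in scp; app-only tokens carry roles, no user.
    return "graph-delegated" if "scp" in c else "graph-app-only"


def make_sample(claims):
    """Build an unsigned, constructed sample token (placeholder signature)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed samples: tenant name, IDs, UPN and policy name are made up.
AAD_ISS = "https://sts.windows.net/11111111-1111-1111-1111-111111111111/"
SAMPLES = {
    "user_flow": make_sample({"iss": "https://contoso.b2clogin.com/11111111-1111-1111-1111-111111111111/v2.0/",
                              "aud": "22222222-2222-2222-2222-222222222222", "tfp": "B2C_1_signin"}),
    "delegated": make_sample({"iss": AAD_ISS, "aud": "https://graph.microsoft.com",
                              "scp": "Directory.AccessAsUser.All", "upn": "user@contoso.example"}),
    "app_only": make_sample({"iss": AAD_ISS, "aud": "https://graph.microsoft.com",
                             "roles": ["User.ReadWrite.All"]}),
}

if __name__ == "__main__":
    for name, tok in SAMPLES.items():
        print(f"{name:10s} -> {classify_token(tok)}")
```

An app-only result explains the missing UserPrincipalName the question ran into: that token represents the application, so no user claims are present.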