question

KofiNimoh-7426 avatar image
0 Votes"
KofiNimoh-7426 asked alfredorevilla-msft answered

Change Azure B2C user password using Graph API with Admin token only

I understand that this method can only be used with the token acquired by the user:

 POST https://graph.microsoft.com/v1.0/me/changePassword
 Content-type: application/json
    
 {
     "currentPassword": "xWwvJ]6NMw+bWH-d",
     "newPassword": "0eM85N54wFxWwvJ]"
 }

Is there a similar method (supplying current and new password) that can be used with the admin token, or can a custom policy be set up in some manner that would allow something similar to be invoked in graph Api with the admin token?

We have a solution whereby user accounts are maintained via a queue. So, instructions to change claims, roles passwords etc. all end up on a queue where they are picked up and dealt with by a queue-triggered Azure function. So, it just so happens that when a user does "Change Password" as it were, the instruction will end up as a message on a queue, and the function (using an admin account) will do the changing of the password. Hence, we need this function to be available to the admin account.

azure-ad-b2cmicrosoft-graph-profile
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

alfredorevilla-msft avatar image
0 Votes"
alfredorevilla-msft answered

Hello @kofinimoh-7426, admins do not need the current user password to reset it, but since the credentials are already being shared, you might want to use the ROPC flow to signin as each user to later call the /me/changePassword endpoint.



Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it so that others in the community with similar questions can more easily find a solution.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.