question

AquilImran-5332 avatar image
0 Votes"
AquilImran-5332 asked AquilImran-5332 edited

b2c forgotpassword userflow with SPA having '#' (hash) tag on return url

I have an angular app which shows the "sign in" link along with "forgot password". When I click the "forgot password", the following screen shows up with custom page. The problem is when I click "cancel" button , it redirect back to "localhost:4200/" but the problem is it has hash tag after the domain name '#' along with error_description. Ideally it should be '?' to get the querystring. What setting am I doing incorrectly that there is always a hash '#' after domain name.
Example:

http://localhost:4200/#error=access_denied&error_description=AADB2C90091%3a+The+user+has+cancelled+entering+self-asserted+information.%0d%0aCorrelation+ID%3a+c2c881df-d7d1-4b9e-b645-9c6e030e064e%0d%0aTimestamp%3a+2020-02-20+16%3a21%3a33Z%0d%0a

Appreciate any help.

azure-ad-b2c
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

JMod-5649 avatar image
0 Votes"
JMod-5649 answered AquilImran-5332 edited

Hi Aguillmran-5332,

You need to set the "response_mode" querystring parameter value for your links to tell Azure B2C how you want it to return both successful authentications and also errors back to your application. The valid values are "query", "form_post" and "fragment" and dictate how Azure returns when the user cancels. It looks like you have it either set to "fragment" or not set at all and it is defaulting to fragment.

From some of the Microsoft documentation:

response_mode - optional - Specifies the method that should be used to send the resulting token back to your app. Defaults to query for just an access token, but fragment if the request includes an id_token.

OAuth2 Implicit Grant Flow

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AquilImran-5332 avatar image AquilImran-5332 ·

Thanks for your reply JMod. Where in b2c userflow should I set the response_mode='query' ? I can't seem to find the settings. OR if I leave it as default value which is fragment, then how do I get the error and error_description in the client side angular code?

1 Vote 1 ·