Hi @Johnson, Mark IT
The error you receive is the standard error returned by the Azure AD B2C when user clicks "forgot password" link.
This is the legacy approach as you can read here:
If the self-service password reset experience isn't enabled, selecting this link doesn't automatically trigger a password reset user flow. Instead, the error code AADB2C90118
is returned to your application. Your application must handle this error code by reinitializing the authentication library to authenticate an Azure AD B2C password reset user flow.
The recommended way to handle password reset is to use Self-service password reset, you can read more here:
The new password reset experience is now part of the sign-up or sign-in policy. When the user selects the Forgot your password? link, they are immediately sent to the Forgot Password experience. Your application no longer needs to handle the AADB2C90118 error code, and you don't need a separate policy for password reset.
You can use above approach to handle password reset directly from the current set of policies without the need of having additional password reset policy.
Please let me know if you have any questions and if this helped.