Azure AD B2C Sign-In and Password Reset URL Parameters

Muhammad Mirza Bin Kamaludin 0 Reputation points
2023-11-02T04:20:47.6433333+00:00

Hey there, hope you all have an awesome day ahead.

I got this Azure AD B2C custom sign-in policy called "signin_policy." It uses a custom web HTML where you can do cool things with JavaScript. On this page, there are some buttons at the footer section. These buttons basically just take you to different web pages. For example, there's a "Help" button, and when you click it, you end up on "http://portal.platform.com/help".

Now, here's the interesting part: I also use a self-service password reset for when you forget your password. It's basically a part of the same sign-in policy, so it shares the same web HTML as the sign-in. But here's the twist – when you're on the "forgot password" page and click the "Help" button, it takes you to a different place, "http://tenantname.b2clogin.com/help".

To sum it up, you've got two URLs to remember:

  1. Sign-in URL: "https://tenantname.b2clogin.com/tenantName.onmicrosoft.com/signin_policy/oauth2/v2.0/authorize&redir..."
  2. Forgot password URL: "https://tenantname.b2clogin.com/tenantName.onmicrosoft.com/signin_policy/api/CombinedSigninAndSignup..."

So, I noticed something about those two URLs. The main difference is a special thing called a "parameter." The Sign-in URL has one called "redirect_uri," which helps the "Help" button find the right page to go to. But guess what? That parameter isn't on the Forgot Password URL.

Now, I'm thinking, how do I deal with this? Can I add that missing parameter to the self-service password reset in Azure AD B2C? If I can, how do I do it?


1 answer

  1. James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2023-11-06T21:21:32.52+00:00

    Hi @Muhammad Mirza Bin Kamaludin, to understand more, the "Help" button on the sign-in page and the "Help" button on the forgot password page are taking you to different URLs because the forgot password URL is missing the "redirect_uri" parameter?

    To add the missing parameter to the forgot password URL, you can modify the custom web HTML for the self-service password reset policy. Specifically, you would need to add the "redirect_uri" parameter to the URL that the "Help" button on the forgot password page is pointing to.

    Here's an example of what the modified URL might look like:

    "https://tenantname.b2clogin.com/tenantName.onmicrosoft.com/signin_policy/api/CombinedSigninAndSignup?redirect_uri=http://portal.platform.com/help"

    In this example, we've added the "redirect_uri" parameter to the URL and set its value to "http://portal.platform.com/help", which is the same URL that the "Help" button on the sign-in page is pointing to.

    Once you've made this modification to the custom web HTML for the self-service password reset policy, the "Help" button on the forgot password page should take you to the same URL as the "Help" button on the sign-in page.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you, please mark "Accept Answer" so other users can reference it.

    Thank you,

    James
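
Added example, not part of the original thread or any Microsoft sample: one way for the shared custom page's JavaScript to build footer links such as "Help" identically on the sign-in and forgot-password pages, treating `redirect_uri` as untrusted input so the footer cannot be steered to an arbitrary site. The function names, the `data-portal-path` attribute and the allow-list are assumptions; the portal address is the one given in the question.

```javascript
// Added example: all names below are hypothetical, not part of Azure AD B2C.
// Origins the footer links may point to (value taken from the question).
const ALLOWED_ORIGINS = new Set(["http://portal.platform.com"]);
// Used when the page URL carries no usable redirect_uri (forgot-password page).
const DEFAULT_ORIGIN = "http://portal.platform.com";

// Return the portal origin derived from redirect_uri, or the default
// when the parameter is missing, malformed, or not on the allow-list.
function portalOrigin(pageUrl) {
  let candidate = null;
  try {
    candidate = new URL(pageUrl).searchParams.get("redirect_uri");
  } catch (e) {
    return DEFAULT_ORIGIN; // the page URL itself could not be parsed
  }
  if (!candidate) return DEFAULT_ORIGIN;
  try {
    const u = new URL(candidate); // throws on relative or garbage values
    if ((u.protocol === "http:" || u.protocol === "https:") &&
        ALLOWED_ORIGINS.has(u.origin)) {
      return u.origin;
    }
  } catch (e) {
    // not an absolute URL: fall through to the default
  }
  return DEFAULT_ORIGIN;
}

// Build an absolute footer link such as the "Help" target.
function footerLink(pageUrl, path) {
  return new URL(path, portalOrigin(pageUrl) + "/").href;
}

// In the custom page (browser only): rewrite every footer anchor that
// declares its portal path, e.g. <a data-portal-path="/help">Help</a>.
if (typeof document !== "undefined") {
  document.querySelectorAll("a[data-portal-path]").forEach((a) => {
    a.href = footerLink(window.location.href, a.dataset.portalPath);
  });
}
```

Because the link is always absolute, it no longer resolves against the `b2clogin.com` host when the parameter is absent.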
