How to redirect after using a Custom Policy in Azure AD B2C?

Eduardo Bravo Casas 0 Reputation points
2025-01-07T10:54:58.2733333+00:00

I am trying to use a custom policy in Azure B2C that changes the password. The custom policy works, it changes the password and takes you to a page that confirms the password has been changed. However, I need it to redirect from there to the site where the custom policy was invoked, which in this case is a section of a configuration area. I don’t know what I can try or do to achieve this redirection. Maybe someone had a similar problem or whatever. And I didn't find much information. So I would be so glad if someone can give me a hand, a path to follow.

Thanks in advance

This is the documentation with the sample code that I'm trying to implement: https://github.com/azure-ad-b2c/samples/tree/master/policies/password-reset-only


1 answer

  1. Sakshi Devkante 235 Reputation points Microsoft Vendor
    2025-01-08T01:19:32.63+00:00

    Hello @Eduardo Bravo Casas

    Thank you for posting your query on Microsoft Q&A.

    In the case of SP-Initiated flow, the application constructs the authentication request along with the redirect_uri parameter and sends the request to the IDP. The IDP then verifies that the URL specified in the 'redirect_uri' parameter matches the Reply URL registered in the application whose client_id is supplied in the request. If both these URLs match, the token is posted to the 'redirect_uri' after successful authentication. At this point, the authentication flow is considered completed and the state parameter is not preserved. So, overriding the Redirect URI and preserving the State parameter is not possible.

    So, at this point there is an open session after authentication is complete, and the XML file you created in the custom policy will come into the picture. After authentication, there are two stages.

    In the first stage, you have your old password, and you wish to change it. In this case, you must enter your old and new passwords, and you will proceed with the same session page; it is not possible to redirect the session or the page to a different page after the password has been reset.

    Stage 2: if you forget your password, it will ask for your mobile verification to verify your identity. Once your identity has been verified using any authentication method, it will ask for a new password, create a new session page and ask you to log in to the application using the new password.

    The redirection of the page to the site where the custom policy was invoked after the successful password reset is not possible.

    I hope this clarifies things. Please contact us if you have any additional questions.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    Best regards,
    Sakshi Devkante
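
The redirect_uri check described in the answer above, sketched as an added example that is not part of the original answer or of the linked sample. The tenant `contoso`, the policy name `B2C_1A_EXAMPLE_POLICY`, the client ID and the Reply URL are constructed placeholders, and exact string comparison is an assumed simplification of how the IdP matches the Reply URL.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed registration data: client_id -> Reply URLs registered for that app.
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
REGISTERED_REPLY_URLS = {CLIENT_ID: {"https://app.example.com/auth/callback"}}


def build_authorize_url(tenant, policy, client_id, redirect_uri, state, nonce):
    """Application side: construct the authentication request for one policy."""
    base = (f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/"
            f"{policy}/oauth2/v2.0/authorize")
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "id_token",
        "response_mode": "form_post",
        "scope": "openid",
        "state": state,
        "nonce": nonce,
    })
    return f"{base}?{query}"


def redirect_uri_allowed(authorize_url):
    """IdP side (simplified): accept only a registered Reply URL for the client."""
    params = parse_qs(urlsplit(authorize_url).query)
    client_ids = params.get("client_id", [])
    redirect_uris = params.get("redirect_uri", [])
    # A missing or repeated parameter is ambiguous, so the request is rejected.
    if len(client_ids) != 1 or len(redirect_uris) != 1:
        return False
    registered = REGISTERED_REPLY_URLS.get(client_ids[0], set())
    # Exact string comparison: no prefix, substring or host-suffix matching.
    return redirect_uris[0] in registered


if __name__ == "__main__":
    url = build_authorize_url("contoso", "B2C_1A_EXAMPLE_POLICY", CLIENT_ID,
                              "https://app.example.com/auth/callback",
                              state="settings-section", nonce="constructed-nonce")
    print(url)
    print(redirect_uri_allowed(url))  # registered Reply URL, so accepted
```

Because the comparison is exact, a page such as the configuration section has to be reached from the registered Reply URL's handler inside the application rather than by passing a different `redirect_uri`.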

