AAD B2C: forget password doesn't work in sign up and sign in user flow

Question

AAD B2C: forget password doesn't work in sign up and sign in user flow

Carol Lai 531

I created a sign up and sign in user flow as the following.

It showed the following sign in page.

I typed in the email and click on Forgot your password, but I get access denied message.

Accepted answer

0 additional answers

Your answer

Answer 1

AmanpreetSingh-MSFT 56,871 Moderator

Hi @Carol Lai · Thank you for reaching out.

The behavior you have mentioned is the expected behavior in legacy password reset flow:

The user selects the Forgot your password? link. Azure AD B2C returns the AADB2C90118 error code to the application.
Your application must be written to handles the error code and initiates a new authorization request. The authorization request specifies the password reset policy name, such as B2C_1_pwd_reset. To see an example of this, take a look at a simple ASP.NET sample, which demonstrates the linking of user flows.

To switch from legacy to recommended password reset flow, follow below steps. In this case, your application is not required to handle AADB2C90118 error code and B2C takes care of it.

Azure AD B2C > Select User flows > Select a sign-up or sign-in user flow (of type Recommended) that you want to customize > Select Properties > Under Password configuration, select Self-service password reset.
Under Customize in the left menu, select Page layouts > In the Page Layout Version, choose 2.1.3 or above > Select Save.

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Carol Lai 531 Reputation points

2021-05-12T16:14:51.61+00:00

@AmanpreetSingh-MSFT

Does the new recommended password reset flow break the password reset policy when an app is using a custom policy for the password reset policy?

I'm getting an AADB2C90118 error code with the following policy setup in my appsettings.json file.

That's why I tested the user flow to see if I'm getting the same error.

The policy I'm based on is the LocalAccount from https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/LocalAccounts.

When I click the "Forgot your password?" link, I get the AADB2C90118 error code.
AmanpreetSingh-MSFT 56,871 Reputation points Moderator

2021-05-12T17:15:38.963+00:00
Hi @Carol Lai · In the new password reset flow, when a user clicks on forgot password link, we don't call separate user flow/custom policy created for password reset. The signuporsignin policy invokes a subjourney to initiate password reset without calling a separate user flow/policy.

If you want to configure this in your custom policy, you may refer to below document:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-password-reset-policy?pivots=b2c-custom-policy

If you want to invoke separate password reset policy when user clicks on forgot password link, configure your application to handle AADB2C90118 error and invoke password reset policy/user flow. Refer to below sample for this purpose:
https://github.com/AzureADQuickStarts/B2C-WebApp-OpenIDConnect-DotNet-SUSI

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Proepster, Michael 16 Reputation points

2021-09-28T05:35:03.973+00:00

Hi @AmanpreetSingh-MSFT ,
what about the sign-in-flow (not signInSignUp)? It seems like this flow does not include a sub-journey. It would be great to include it there since we don't allow a self-service-sign-up for local accounts.

Michael
Sean Moran 10 Reputation points

2023-02-21T16:54:34.7233333+00:00

Hate to pile on, and I know the answer you gave is what the documentation says, but it simply doesn't work with the new recommended user flows. I'm looking for the code to fix this error and retry the password reset again. Oh, well.

Share via

AAD B2C: forget password doesn't work in sign up and sign in user flow

0 additional answers

Your answer