Chilberto asked sikumars commented

Azure B2C signin-oidc Password Reset - OpenIdConnectProtocolException - invalid_grant

Sign-in and Sign-out flows are working correctly without an error. The password reset is working - the password is changed and the user flow test shows the claims being created correctly.

The issue I am facing is on the redirect. This ends with:
Message contains error: 'invalid_grant', error_description: 'AADB2C90088: The provided grant has not been issued for this endpoint. Actual Value : B2C_1_si and Expected Value : B2C_1_reset

My configuration is pretty simple:
    "AzureAdB2C": {
        "Instance": "",
        "ClientId": "",
        "CallbackPath": "/signin-oidc",
        "Domain": "hmrdev.onmicrosoft.com",
        "SignUpSignInPolicyId": "b2c_1_si",
        "ResetPasswordPolicyId": "b2c_1_reset",
        "EditProfilePolicyId": "b2c_1_edit_profile",
        "ClientSecret": "",
        "B2cExtensionAppClientId": "***"
    },

And my configuration in Startup:
    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAdB2C"));

    services.AddAuthorization(options =>
    {
        options.FallbackPolicy = options.DefaultPolicy;
        options.AddPolicy("IsNewUser", policy => policy.RequireClaim("newUser"));
    });

I am able to test the user flow without issue. You can see the claim being returned here:
145242-image.png

So, do I need to somehow redirect to a different endpoint?

Cheers - Jeff





1 Answer

Chilberto answered sikumars commented

Figured it out... and, like most cases, the answer or clue was in the documentation.
145207-image.png



This was an upgraded project, so the reset was set in the application settings. This was confusing things. I was able to perform the reset, but the result returned was for the sign-up user flow. So this confused the framework.



Thanks for leveraging the Microsoft Q&A forum and also for sharing your findings, which will help others in the community who experience a similar issue. If you have any additional questions, feel free to reach out to us. Once again, thanks for your time on this thread.

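A small triage helper for the error in this thread, added here as an example (it is not code from the thread or from Microsoft.Identity.Web): it parses the AADB2C90088 description quoted in the question and maps the two policy names back to the AzureAdB2C settings that name them. The function names are hypothetical, and the sample config and error string are reconstructed from the question.

```python
import re

# Matches the AADB2C90088 error_description format quoted in the question.
_AADB2C90088 = re.compile(
    r"AADB2C90088:.*?Actual Value\s*:\s*(?P<actual>\S+)\s+and\s+"
    r"Expected Value\s*:\s*(?P<expected>[^\s'\"]+)",
    re.IGNORECASE | re.DOTALL,
)

# Policy settings present in the question's AzureAdB2C section.
POLICY_KEYS = ("SignUpSignInPolicyId", "ResetPasswordPolicyId", "EditProfilePolicyId")

# Constructed sample input, copied from the values shown in the question.
SAMPLE_CONFIG = {
    "SignUpSignInPolicyId": "b2c_1_si",
    "ResetPasswordPolicyId": "b2c_1_reset",
    "EditProfilePolicyId": "b2c_1_edit_profile",
}
SAMPLE_ERROR = (
    "Message contains error: 'invalid_grant', error_description: 'AADB2C90088: "
    "The provided grant has not been issued for this endpoint. "
    "Actual Value : B2C_1_si and Expected Value : B2C_1_reset"
)


def policy_setting(config, policy_name):
    """Return the setting key whose value names this policy, or None.

    Compared case-insensitively: the config says b2c_1_si, the error B2C_1_si.
    """
    for key in POLICY_KEYS:
        if config.get(key, "").lower() == policy_name.lower():
            return key
    return None


def explain_policy_mismatch(error_description, config):
    """Parse an AADB2C90088 message; return None for any other error text."""
    m = _AADB2C90088.search(error_description)
    if m is None:
        return None
    actual, expected = m["actual"], m["expected"]
    return {
        "actual": actual,
        "expected": expected,
        "actual_setting": policy_setting(config, actual),
        "expected_setting": policy_setting(config, expected),
        "mismatch": actual.lower() != expected.lower(),
    }
```

For the error in the question, the result ties the two policy names to `SignUpSignInPolicyId` and `ResetPasswordPolicyId`, which points at the two user flows being mixed in one redirect.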