Azure B2C signin-oidc Password Reset - OpenIdConnectProtocolException - invalid_grant

Chilberto 231 Reputation points
2021-10-30T23:37:11.787+00:00

Sign-in and Sign-out flows are working correctly without an error. The password reset is working - the password is changed and the user flow test shows the claims being created correctly.

The issue I am facing is on the redirect. This ends with:
Message contains error: 'invalid_grant', error_description: 'AADB2C90088: The provided grant has not been issued for this endpoint. Actual Value : B2C_1_si and Expected Value : B2C_1_reset

My configuration is pretty simple:
"AzureAdB2C": {
    "Instance": "****",
    "ClientId": "***",
    "CallbackPath": "/signin-oidc",
    "Domain": "hmrdev.onmicrosoft.com",
    "SignUpSignInPolicyId": "b2c_1_si",
    "ResetPasswordPolicyId": "b2c_1_reset",
    "EditProfilePolicyId": "b2c_1_edit_profile",
    "ClientSecret": "****",
    "B2cExtensionAppClientId": "****"
},

And my configuration in Startup:
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAdB2C"));

services.AddAuthorization(options =>
{
    options.FallbackPolicy = options.DefaultPolicy;
    options.AddPolicy("IsNewUser", policy => policy.RequireClaim("newUser"));
});

I am able to test the user flow without issue. You can see the claim being returned here:
[image: 145242-image.png]

So, do I need to somehow redirect to a different endpoint?

Cheers - Jeff
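Added example, not code from the question or the accepted answer and not Microsoft.Identity.Web's own source: in Azure AD B2C every user flow has its own authorize and token endpoints (`/{policy}/oauth2/v2.0/...`), and an authorization code is only redeemable at the token endpoint of the policy that issued it; AADB2C90088 is the error you get when the redemption at `/signin-oidc` goes to a different policy than the one that issued the code. With Microsoft.Identity.Web, a separate reset user flow is selected by putting the policy name into the `AuthenticationProperties` of the challenge, which the library uses for both legs of the round trip. The controller name and route below are assumptions for illustration.

```csharp
// Added example: challenging the password-reset user flow with
// Microsoft.Identity.Web so that the authorization code is issued and
// redeemed under the same policy (b2c_1_reset). Controller name and route
// are assumptions; the options/constant names are the library's.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Microsoft.Identity.Web;

public class PasswordResetController : Controller
{
    private readonly IOptionsMonitor<MicrosoftIdentityOptions> _options;

    public PasswordResetController(IOptionsMonitor<MicrosoftIdentityOptions> options)
    {
        _options = options;
    }

    [HttpGet("/account/reset-password")]
    public IActionResult ResetPassword()
    {
        // Options are registered per authentication scheme; read the ones that
        // AddMicrosoftIdentityWebApp bound from the "AzureAdB2C" section.
        var scheme = OpenIdConnectDefaults.AuthenticationScheme;
        var b2cOptions = _options.Get(scheme);

        var properties = new AuthenticationProperties
        {
            RedirectUri = Url.Content("~/")
        };

        // Microsoft.Identity.Web reads this item when it builds the authorize
        // request and switches from SignUpSignInPolicyId to the named policy,
        // so the code that comes back to /signin-oidc was issued by
        // b2c_1_reset and is redeemed at b2c_1_reset's token endpoint.
        properties.Items[Constants.Policy] = b2cOptions.ResetPasswordPolicyId;

        return Challenge(properties, scheme);
    }
}
```

A "Forgot your password?" link in the layout points at `/account/reset-password`. The other side of the same coin is what the accepted answer ran into: if the reset actually completes inside the sign-up/sign-in user flow, the code that comes back is stamped for `b2c_1_si`, and redeeming it under a still-configured `b2c_1_reset` policy produces exactly the "Actual Value : B2C_1_si and Expected Value : B2C_1_reset" mismatch from the question.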


Accepted answer
Chilberto 231 Reputation points
2021-10-31T02:14:57.197+00:00

Figured it out... and, as in most cases, the answer or clue was in the documentation.
[image: 145207-image.png]

This was an upgraded project, so the reset was set in the application settings. This confused things. I was able to perform the reset, but the result returned was for the sign-up user flow. So this confused the framework.
