This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 48%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Greetings. We are experiencing a very specific problem.
We are using the AD B2C Tenant User flows for handling sign ups, sign ins and password resetting. For password reset we're using the Reset password (Recommended) user flow. Within this flow we have the "Forgot password page" for which we specify a custom page URI.
Now when we run this flow, things initially work as intended and we're presented with our custom page:
But the problem occurs once we verify the email and click next. We expect to see the page for resetting password (with fields for new password and for confirmation of the new password), but instead we're again presented with the first page (email verification), just that this time it's not our custom page, but Azure's default forgot password page (with our translations, don't mind that).
Then, only after verifying the email again on this page and clicking next, we get to our desired page:
The desired flow is to get redirected to the page on the last image when confirming the email for the first time. We have been looking for solutions all over the settings, configurations and documentations with no success at all.
Any help or pointing to the right direction would be greatly appreciated. If additional info is needed, we are happy to provide it.
Thanks in advance,
Rene
The solution was to turn off MFA.
We had MFA with email enabled on the password reset flow. This caused the user to first have to confirm his email for MFA and then again in order to reset the password. Turning MFA off solved the issue completely.
The confusing part was that on production we had the exact same configuration and it didn't ask the user for email confirmation twice.
The reason for that was apparently the fact that MFA triggers only if the user isn’t already registered and his email isn't yet verified.
Hope this helps anyone facing similar problems.
@Rene Krajnc • Thank you for sharing.
Hi @Rene Krajnc • Thank you for reaching out.
The only reason I can think of, which could be contributing to the issue, is due to the custom page that you have specified. If you use the default page, do you still get the page twice?
Could you please try using https://moviesdiag132.blob.core.windows.net/b2c/ResetPwd.html as the custom page and confirm if you still face this issue? If you don't face the issue with this page, try referencing this page to update your custom HTML page.
If you still face this issue, kindly share your HTML file and I will try to use that in my B2C tenant.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hi @AmanpreetSingh-MSFT , Thank you for your quick reply.
We tried using the default URI (selecting "no" under "Use custom page content") which first took us to the blue email confirmation view and then after confirming it, again to the same page which then on the 2nd attempt worked. We also tried your URI. Again, first it opened your email confirmation page and after confirming the email, it took us to the blue email confirmation view, which again finally took us to the actual password reset view.
So the problem isn't in the custom page.
We did notice a slight difference in the URL's though. When we first get to the email confirmation view, the URL is:
After we confirm the email address and end up on the same view again, the URL is:
The main difference is that in the first case after ".onmicrosoft.com/" we have "oauth2/v2.0/authorize?p=B2C_1_password_reset2",
while the 2nd has "B2C_1_password_reset2/api/SelfAsserted/confirmed?"
@Rene Krajnc • Could you please capture and share fiddler trace for this purpose. Please follow the below instructions to capture a Fiddler trace:
Setup:
• Download and install Fiddler from here: https://www.telerik.com/fiddler
• Follow these instructions to enable HTTPS capture: https://docs.telerik.com/fiddler/configure-fiddler/tasks/DecryptHTTPS (do step 1 and 2)
To get traces:
• Start fiddler (it will start capturing)
• Repro the issue.
• Stop fiddler capturing by hitting the F12 key.
• Save all sessions in .saz file and send via email to <removed>. I will analyze the capture and let you know.
Note: Fiddler may have credentials in plain text, So, I would suggest you to use a temporary test account to reproduce the issue while capturing the fiddler.
I have shared more details on the second issue in the other post. Feel free to tag me if you have any further questions.