Changing a user's password in Azure AD B2C

Zhang, Jiawang/张 家旺 1 Reputation point
2022-03-27T06:06:54.383+00:00

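I now need to change a user's password using B2C. I tried the following 3 approaches, and each of them has some problem.

1. https://learn.microsoft.com/en-us/graph/api/user-changepassword?view=graph-rest-1.0&tabs=http
This approach seems to work only with a token obtained by signing in through a user flow.
At the moment, it seems that the access_token obtained through B2C cannot be used to call the Graph API, so this path does not seem to work.
So, how do B2C and the Graph API work together?

2. https://learn.microsoft.com/en-us/graph/api/passwordauthenticationmethod-resetpassword?view=graph-rest-beta&tabs=http
It seems this approach can reset a user's password directly, but I got the following error.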

187184-image.png

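Because the token was obtained through a flow without a user, it naturally does not contain a specific UserPrincipalName field. How should this problem be solved?
How do I change a specified user's password through a flow without a user?

3. https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http
This approach updates the password by updating the user's password profile.
But I got the following error:
187183-image.png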

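I think the message means the permissions are insufficient.
The permission Directory.AccessAsUser.All should be of the delegated permission type, but what I added is of the application permission type, because in B2C the only delegated permissions are openid and offline_access. How should I handle this?

Also, with a B2C password reset flow that I created, it seems I still cannot change the user's password: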

187204-image.png

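After this screen, it did not go to the change-password screen but went back to the sign-in page.

Any way is fine; I want to change a B2C user's password. What should I do?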


1 answer

  1. CarlZhao-MSFT 39,101 Reputation points
    2022-03-28T06:02:34.857+00:00

    Hi @Zhang, Jiawang/张 家旺

    First go to your application's Manifest blade, then find the signInAudience property and change it to: AzureADMyOrg. This will ensure that your application can be granted the Directory.AccessAsUser.All delegated permission.

    187336-2022-03-28-135610.png

    Also, if you call the Graph API, then you must use an Azure AD based authentication flow (e.g. ROPC flow or auth code flow) to get the token. Tokens for a user flow or custom policy can only be used to call the web API and not the Graph API.

    187298-image.png


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
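
A small diagnostic for the token distinction discussed in this thread, added here as an example and not part of the original question or answer: it decodes an access token's claims without verifying the signature and reports whether the token came from a B2C policy, is an app-only Graph token, or is a delegated Graph token carrying Directory.AccessAsUser.All. The function names, result labels, and sample claims are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import urlparse

# Audience values seen in Microsoft Graph access tokens (URI and app ID form).
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}

def fake_jwt(claims: dict) -> str:
    """Build an unsigned, constructed sample token for offline testing."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

def jwt_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def classify(token: str) -> str:
    """Say which of the cases from the thread a token falls into."""
    c = jwt_claims(token)
    host = urlparse(c.get("iss", "")).hostname or ""
    # Tokens from a B2C user flow or custom policy carry the policy name in tfp.
    if "tfp" in c or host.endswith(".b2clogin.com"):
        return "b2c-policy-token"          # for your own web API, not Graph
    if str(c.get("aud", "")).rstrip("/") not in GRAPH_AUDIENCES:
        return "not-for-graph"
    scopes = c.get("scp", "").split()      # delegated permissions, space separated
    if scopes:
        if "Directory.AccessAsUser.All" in scopes:
            return "graph-delegated-with-directory-access"
        return "graph-delegated-missing-permission"
    if c.get("roles"):                     # application permissions, no user in token
        return "graph-app-only"
    return "graph-no-permissions"

if __name__ == "__main__":
    # Constructed sample claims; tenant name and IDs are placeholders.
    tid = "00000000-0000-0000-0000-000000000000"
    print(classify(fake_jwt({"iss": f"https://contoso.b2clogin.com/{tid}/v2.0/",
                             "tfp": "B2C_1_signin", "aud": "my-web-api"})))
    print(classify(fake_jwt({"iss": f"https://sts.windows.net/{tid}/",
                             "aud": "https://graph.microsoft.com",
                             "roles": ["User.ReadWrite.All"]})))
```

Use this only to inspect tokens you already hold during troubleshooting; an API that accepts tokens must validate the signature, issuer, and audience.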