Hi @Zhang, Jiawang/张 家旺 • Thank you for reaching out.
I understood that you want to know how we can reset passwords in Azure AD B2C apart from using a user flow or custom policy.
You can use the Graph API method to reset the password but it can only be done by using the standard Azure AD Functionality of the B2C tenant. This means, if you register an application in the B2C tenant using the first 2 options, you can use Graph API with Directory.AccessAsUser.All permission but these applications don't support user flows. So you will have to use the login.microsoftonline.com/your_tenant endpoint to acquire the access token for the password reset calls and not the your_tenant.b2clogin.com endpoint.
If you select the third option during app registration, you will not be able to use the application for password reset as Graph API permission Directory.AccessAsUser.All won't be available. In this case, you will have to use the password reset using user flow or custom policy.
After you acquire the token, you need to use the token as the bearer token in the Authorization header and make the Graph call below to reset the password.
Call: POST https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/authentication/passwordMethods/{id}/resetPassword
Body:
{
  "newPassword": "newPasswordvalue"
}
If you don't know the passwordMethods ID, you can use the GET call below to find it:
GET https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/authentication/passwordMethods/
To test these calls, you can also use Graph Explorer.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
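
The two calls described in the answer above, as an added Python example that is not part of the original answer or Microsoft's own code. It assumes the access token is a JWT whose iss and scp claims can be read for a local sanity check (the claim layout, the send parameter and all sample values are assumptions of this example), and it refuses to call Graph with a token issued by the b2clogin.com endpoint or lacking Directory.AccessAsUser.All.

```python
import base64
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
REQUIRED_SCOPE = "Directory.AccessAsUser.All"

def token_claims(token):
    """Decode (not verify) the JWT payload; used only as a local sanity check."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def preflight(token):
    """Reject tokens that cannot work for the reset call (assumed claim layout)."""
    claims = token_claims(token)
    host = urllib.parse.urlparse(claims.get("iss", "")).hostname or ""
    if host.endswith(".b2clogin.com"):
        raise ValueError("token came from b2clogin.com; use login.microsoftonline.com")
    if REQUIRED_SCOPE not in claims.get("scp", "").split():
        raise ValueError(f"token lacks delegated scope {REQUIRED_SCOPE}")

def http_send(method, url, token, body=None):
    """Default transport: send one Graph request with the bearer token."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else {})

def reset_password(user, new_password, token, send=http_send):
    """Look up the passwordMethods id, then POST resetPassword; returns HTTP status."""
    preflight(token)
    base = (f"{GRAPH}/users/{urllib.parse.quote(user, safe='@')}"
            "/authentication/passwordMethods")
    _, listing = send("GET", base, token)
    methods = listing.get("value", [])
    if not methods:
        raise LookupError("no password method registered for this user")
    url = f"{base}/{methods[0]['id']}/resetPassword"
    status, _ = send("POST", url, token, {"newPassword": new_password})
    return status
```

Pass a fake send callable to exercise the flow offline; never log the request body, since it carries the new password.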