Azure AD B2C用户重置密码的方式?

Zhang, Jiawang/张 家旺 1 Reputation point
2022-04-04T02:36:48.317+00:00

Azure AD B2C用户有几种方式可以重置密码?

我所知道的已经有密码重置用户流以及密码重置自定义策略。

除了这两种方式,还有其他的方式吗?
Graph API可以重置吗?

如果有其它的方式,能提供一个详细的示例吗?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,023 questions
Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,882 questions
{count} votes

1 answer

Sort by: Most helpful
  1. AmanpreetSingh-MSFT 56,611 Reputation points
    2022-04-04T08:07:10.83+00:00

    Hi @Zhang, Jiawang/张 家旺 • Thank you for reaching out.

    I understood that you want to know how can we reset passwords in Azure AD B2C apart from user flow or custom policy.

    You can use the Graph API method to reset the password but it can only be done by using the standard Azure AD Functionality of the B2C tenant. This means, if you register an application in the B2C tenant using the first 2 options, you can use Graph API with Directory.AccessAsUser.All permission but these applications don't support user flows. So you will have to use the login.microsoftonline.com/your_tenant endpoint to acquire the access token for the password reset calls and not the your_tenant.b2clogin.com endpoint.

    If you select the third option during app registration, you will not be able to use the application for password reset as Graph API permission Directory.AccessAsUser.All won't be available. In this case, you will have to use the password reset using user flow or custom policy.

    189648-image.png

    After you acquire the token, you need to use the token as the bearer token in the authorization header and make the below graph call to reset the password.

    Call: POST https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/authentication/passwordMethods/{id}/resetPassword  
    Body:  
    {  
    "newPassword": "newPasswordvalue",  
    }  
    

    If you don't know the passwordMethods ID, you can use below GET call to find that:

    GET https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/authentication/passwordMethods/  
    

    To test these calls, you can also use Graph Explorer

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.