Azure B2C - OIDC redirects to Reset Password Flow instead of signing a user in

Question

Azure B2C - OIDC redirects to Reset Password Flow instead of signing a user in

Anonymous

We have an application that utilizes AzureB2C. The application also has links to partner websites that signs in a user via OIDC. We have the following scenario:

User goes to the website and the website redirects to AzureB2C Sign in page.
The user chooses to Reset his password and goes through the reset password flow. After the user resets his password, he is automatically signed in to our application
The user then clicks a link that should allow him to SSO in via OIDC
Instead of being automatically signed in, the Azure B2C "Reset Password" page is displayed to the user.

As a workaround, the user has to logout and log back in again to be automatically SSO'd in to the partner site.

How do we fix this so that OIDC does not send the user to the Reset Password page?

James Hamil 27,221 Reputation points Microsoft Employee Moderator

2022-04-15T22:07:32.91+00:00

Hi anonymous user , did you follow any tutorials or documents to set this up? There may be an orchestration step out of order. If I had the source I could try to locate it for you.

Best,
James
Anonymous

2022-04-16T01:43:57.34+00:00

Hi James! I have gone through a ton of tutorials to set this up and it's still confusing to me. Attached is a file with the user journey we have defined. Thanks so much! Anna[193498-userjourney.txt][1] [1]: /api/attachments/193498-userjourney.txt?platform=QnA

Accepted answer

0 additional answers

Your answer

James Hamil 27,221 Reputation points Microsoft Employee Moderator

2022-04-15T22:07:32.91+00:00

Hi anonymous user , did you follow any tutorials or documents to set this up? There may be an orchestration step out of order. If I had the source I could try to locate it for you.

Best,
James
Anonymous

2022-04-16T01:43:57.34+00:00

Hi James! I have gone through a ton of tutorials to set this up and it's still confusing to me. Attached is a file with the user journey we have defined. Thanks so much! Anna[193498-userjourney.txt][1] [1]: /api/attachments/193498-userjourney.txt?platform=QnA

Answer 1

James Hamil 27,221 Microsoft Employee Moderator

Hi anonymous user , I saw my colleague Jas answered this question on StackOverflow.

There was a bug in the setup for the “recommended” password reset flow.

https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-password-reset-policy?pivots=b2c-custom-policy#self-service-password-reset-recommended

In the ForgotPassword technical profile, set UseTechnicalProfileForSessionManagement to SM-Noop.

Please let me know if you have any questions.

If this answer helped you please mark it as "Verified" so other users can reference it.

Thank you,
James

Hamza Anjum 1 Reputation point

2023-02-23T10:45:48.4933333+00:00

Hi @James, Can you get it fixed in the relevant policies on github too, so others don't fall into the same trap again

e.g., https://github.com/azure-ad-b2c/samples/blob/master/policies/embedded-password-reset/policy/TrustFrameworkExtensions_SSPR.xml
Hamza Anjum 1 Reputation point

2023-02-23T10:46:49.5466667+00:00

Hi James, Can you please get it fixed in the relevant policies on GitHub too, so others don't fall into the same trap

https://github.com/azure-ad-b2c/samples/blob/master/policies/embedded-password-reset/policy/TrustFrameworkExtensions_SSPR.xml

Share via

Azure B2C - OIDC redirects to Reset Password Flow instead of signing a user in

0 additional answers

Your answer