
Azure AD B2C password change custom policy, user needs to sign in every time

I've implemented the password change custom policy according to the documentation and use msal.js on the frontend to start the password change flow. This works except that the user needs to sign in again although the user is already signed in to the application. So it asks for the user's credentials every time. Why isn't B2C detecting that the user has already signed in and how can I solve this? Thanks!

MSAL.js is setting the prompt parameter, therefore, forcing B2C to ignore the cookie, therefore, forcing the sign-in.

const urlNavigate = authenticationRequest.createNavigateUrl(scopes) + "&prompt=select_account" + "&response_mode=fragment";

Source

You can verify this by taking the URL MSAL.js redirects the user to and removing the prompt query parameter.


Related GitHub Issue: Allow Controlling the prompt parameter. We need to convince the MSAL library owners we need control over this parameter.

If you are trying to test through the B2C Custom Policies "Run now" endpoint, just remove the &prompt=login query parameter from the link. If you are already logged in, it will skip the login; if you are not, it will still prompt for your credentials.

Credit to Jas Suri: Azure B2C EditProfile custom policy without Signing In first
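
The check both answers describe (take the authorize URL and remove the prompt query parameter) can be scripted. This is an added example, not part of the original posts: `stripPrompt` and the sample URL with its tenant, policy name and client id are constructed. It edits the query string textually so every other parameter stays byte-for-byte as MSAL.js or "Run now" generated it.

```javascript
// Added example. SAMPLE_URL is constructed: tenant, policy name and client id are placeholders.
const SAMPLE_URL =
  "https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1A_PasswordChange/oauth2/v2.0/authorize" +
  "?client_id=00000000-0000-0000-0000-000000000000&scope=openid%20profile" +
  "&response_type=id_token&prompt=select_account&response_mode=fragment";

// Remove every `prompt` parameter from an authorize URL.
// Returns the rewritten URL and the prompt values that were removed.
function stripPrompt(authorizeUrl) {
  // Keep any fragment aside so only the query string is touched.
  const hashAt = authorizeUrl.indexOf("#");
  const fragment = hashAt === -1 ? "" : authorizeUrl.slice(hashAt);
  const head = hashAt === -1 ? authorizeUrl : authorizeUrl.slice(0, hashAt);

  const queryAt = head.indexOf("?");
  if (queryAt === -1) {
    return { url: authorizeUrl, removed: [] }; // no query string, nothing to strip
  }
  const base = head.slice(0, queryAt);
  const pairs = head.slice(queryAt + 1).split("&");

  const removed = [];
  const kept = pairs.filter((pair) => {
    if (pair === "") return false; // drop empty segments such as "&&"
    const eq = pair.indexOf("=");
    const rawKey = eq === -1 ? pair : pair.slice(0, eq);
    let key;
    try {
      key = decodeURIComponent(rawKey.replace(/\+/g, " "));
    } catch {
      key = rawKey; // malformed percent-encoding: compare the raw text
    }
    if (key !== "prompt") return true;
    removed.push(eq === -1 ? "" : pair.slice(eq + 1));
    return false;
  });

  const query = kept.length > 0 ? "?" + kept.join("&") : "";
  return { url: base + query + fragment, removed };
}

const result = stripPrompt(SAMPLE_URL);
console.log("removed prompt values:", result.removed);
console.log("URL to open in the signed-in browser session:", result.url);
```
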
