Azure ad B2C password reset link redirects with signup/signin policy endpoint by default
Question
I'm using azure ad B2C and after setting up my policies I saw that the "did you forget your password link" on the sign-up or sign-in page when clicked redirects to the url of the of the same sign-in or sign-up endpoint which in my auth.guard has a reply url of which checks authorization and if true redirects the user to the home page and if false redirects
I thought that the reset password link should by default be connected to my created reset password policy but that doesn't seem to be the case.
I'm using angular-oidc-auth-client API for setup and connection and this is my configuration in app.modules.ts
export class AppModule {
constructor(public oidcSecurityService: OidcSecurityService, private oidcConfigService: OidcConfigService) {
this.oidcConfigService.onConfigurationLoaded.subscribe(() => {
console.log('OpenID Configuration loaded');
console.log(oidcConfigService.clientConfiguration);
const openIDImplicitFlowConfiguration = new OpenIDImplicitFlowConfiguration();
openIDImplicitFlowConfiguration.stsServer = 'https://xxxxxx.b2clogin.com/xxxxxx.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_b2c_signup_signin'
openIDImplicitFlowConfiguration.redirect_url = 'http://localhost:29895/login-redirect';
openIDImplicitFlowConfiguration.client_id = 'xxxxxxxxxxxxxxxxxxxxxxxxxxx';
openIDImplicitFlowConfiguration.response_type = 'id_token';
openIDImplicitFlowConfiguration.scope = 'openid';
openIDImplicitFlowConfiguration.post_login_route = '/login-redirect';
openIDImplicitFlowConfiguration.post_logout_redirect_uri ='http://localhost:29895/content/dashboard';
openIDImplicitFlowConfiguration.forbidden_route = '/Forbidden';
openIDImplicitFlowConfiguration.log_console_warning_active = true;
openIDImplicitFlowConfiguration.log_console_debug_active = true;
openIDImplicitFlowConfiguration.max_id_token_iat_offset_allowed_in_seconds = 50;
const authWellKnownEndpoints = new AuthWellKnownEndpoints();
authWellKnownEndpoints.setWellKnownEndpoints(this.oidcConfigService.wellKnownEndpoints);
this.oidcSecurityService.setupModule(openIDImplicitFlowConfiguration, authWellKnownEndpoints);
});
}
}
How do you get the "did you forget your password" link to get the flow of my reset password policy? Is there anything outside of the azure portal or in my app.modules that need to be configured?
1 answers
solution1
1 ACCPTED 2019-01-20 15:49:07
I thought that the reset password link should by default be connected to my created reset password policy but that doesn't seem to be the case.
The request flow doesn't work like this in AADB2C. In case when user clicks on reset password link, AADB2C redirects to the relying party service (main service) with a specific error code (AADB2C90118). The Relying Party Service should then invoke the reset password policy flow.
The code sample link to catch the error and then redirect to reset password handler
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.