❔ Azure AD B2C user - password reset
Hello, I need some help with Azure AD B2C user flows and custom policies. In my current project, I have to change how the password reset process works. I want to customize this process by using own REST API endpoint that checks and verifies the email address. Has anyone done something like this before? If you have, could you please share your thoughts here? I'm looking to talk about how to get started because I'm new to Azure AD B2C and don't know where to begin. Thank you!
I did not build it yet but for an upcoming project I had researched a similar scenario.
Not sure what your use case is exactly but I would suggest leaving the authentication process / reset password flow at the AAD B2C side and integrate with an external system to store additional information related to that user.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/overview#integrate-with-external-user-stores
What is Azure Active Directory B2C?
Learn how you can use Azure Active Directory B2C to support external identities in your applications, including social sign-up with Facebook, Google, and other identity providers.
So in our case after a user is authenticated and redirected back to our application, with a valid token we can request some kind of profile-service if this user can or cannot access something.
This is certainly possible, just Azure B2C is a monster to make custom policies for :)
we have this one for example:
This technicalprofile returns a tokenSuccess claim which is true or false depending on what the API call returned in the JSON body
you can then use that in
this is a treacherous path and it'll take a lot of digging on the internet and trying possibilities to get it right
Absolutely true about the custom policies, the documentation is a study on its own. Pretty cool what you're doing here in that policy... so you're logging in with AAD B2C but actually use the legacy system to verify username/password and provide tokens right?
in this case, it's an excerpt from the login system where if a password is incorrect, we check the old system. If it's correct there, we update the password in B2C and let the user through
we also do similar things in the forgot password flow, e.g. make a callback to our system to record it to an event log
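The REST endpoint side of the pattern described above, as an added example that is not code from this thread or from the poster's policy: a handler that implements the contract a B2C RESTful technical profile expects (Basic credentials from the policy's CryptographicKeys, input claims posted as JSON, output claims such as tokenSuccess returned at the root of a 200 body, and B2C's version/status/userMessage error shape on a 409). The credential values and the set of known e-mail addresses are constructed sample data; a real deployment would read them from a secret store and a user database.

```python
import base64
import hmac
import re

# Constructed sample data: the Basic credentials the technical profile sends
# (AuthenticationType=Basic) and the e-mail addresses our own system knows.
API_USER = "b2c-policy"
API_PASSWORD = "example-secret-not-for-production"
KNOWN_EMAILS = {"alice@example.com", "bob@example.com"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def basic_auth_header(user, password):
    """Build the Authorization header value B2C sends for Basic authentication."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def _basic_auth_ok(headers):
    """Constant-time check of the Basic credentials presented by the policy."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return False
    try:
        presented = base64.b64decode(auth[len("Basic "):]).decode()
    except (ValueError, UnicodeDecodeError):
        return False
    expected = f"{API_USER}:{API_PASSWORD}"
    return hmac.compare_digest(presented.encode(), expected.encode())


def handle_b2c_request(headers, body):
    """Return (http_status, response_dict) for one call from the technical profile.

    `body` is the JSON object B2C posts (SendClaimsIn=Body): one property per
    InputClaim. Root properties of a 200 response become OutputClaims, so
    `tokenSuccess` arrives in the policy as a boolean claim; a 409 in B2C's
    error format is surfaced to the user as a validation message.
    """
    if not _basic_auth_ok(headers):
        return 401, {"version": "1.0.0", "status": 401, "userMessage": "Unauthorized"}
    email = (body or {}).get("email", "")
    if not isinstance(email, str) or not EMAIL_RE.match(email):
        return 409, {"version": "1.0.0", "status": 409,
                     "userMessage": "Please enter a valid e-mail address."}
    # The policy decides what (if anything) to show the user when the claim is
    # false; the endpoint itself only reports the lookup result as a claim.
    return 200, {"tokenSuccess": email.lower() in KNOWN_EMAILS}


if __name__ == "__main__":
    hdrs = {"Authorization": basic_auth_header(API_USER, API_PASSWORD)}
    print(handle_b2c_request(hdrs, {"email": "alice@example.com"}))
```

Whether a false tokenSuccess should produce a user-visible "unknown address" message is a policy-side choice with account-enumeration implications, which is why the handler keeps that decision out of the API.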
Oh this is very handy to migrate from a legacy system to AAD
yes, seamlessly so the users don't notice
Thanks for sharing! Will definitely be using this in the nearby future 😄