My goal is to create an Azure AD B2C User via the graph API with a password of my choosing and then for the user to go through a password reset experience after their first login.
Firstly, how does one get a user into a state that would trigger the password reset upon their next login? If I reset the password in Azure and then use the generated password at sign-in, I get a "This password has expired" error. Presuming it's a password policy issue, I've been toying with the Graph API like this:
using Microsoft.Graph;
// Microsoft Graph SDK user object: disable expiry and strong-password checks, then request a change at next sign-in
var user = new User
{
    PasswordPolicies = "DisablePasswordExpiration,DisableStrongPassword",
    PasswordProfile = new PasswordProfile
    {
        ForceChangePasswordNextSignIn = true,
    },
};
My Graph API access is successful but I still can't get around the error:
"This password has expired"
The second issue is how exactly do I set up a user flow that achieves this? I would prefer an on-screen password reset experience instead of the email-based experience.
The most promising direction appears to be switching from User Flows to Custom Policies where there is an example of how to achieve my goal: https://github.com/azure-ad-b2c/samples/tree/master/policies/force-password-reset-first-logon.
My question is: is this only possible to achieve via the Custom Policy approach?
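For reference, here is the shape of the Microsoft Graph request body that creates an Azure AD B2C local (email) account, as an added example that is not the question author's code and not a Microsoft sample. It uses only the Python standard library; the tenant domain, email address and password it is called with are constructed placeholders, and the `create_user` helper is a hypothetical wrapper that is not executed offline. Whether B2C honours `forceChangePasswordNextSignIn` for a local account is exactly the open question above, so the example only exposes it as a parameter rather than assuming an answer.

```python
"""Constructed example of the Microsoft Graph POST /users body for an
Azure AD B2C local account. Not the question author's code."""
import json
import urllib.request

GRAPH_USERS_URL = "https://graph.microsoft.com/v1.0/users"


def build_b2c_user_payload(tenant_domain, email, display_name, password,
                           force_change_next_sign_in=False):
    """Return the JSON body for creating a B2C local account.

    B2C local accounts are identified through the `identities` collection
    (signInType emailAddress, issuer = the B2C tenant domain such as
    contoso.onmicrosoft.com) rather than through userPrincipalName.
    `force_change_next_sign_in` is passed straight through to
    passwordProfile.forceChangePasswordNextSignIn; this example makes no
    claim about whether B2C acts on it.
    """
    if not password:
        raise ValueError("a non-empty initial password is required")
    if "@" not in email:
        raise ValueError("issuerAssignedId must be an email address "
                         "when signInType is emailAddress")
    return {
        "displayName": display_name,
        "identities": [
            {
                "signInType": "emailAddress",
                "issuer": tenant_domain,
                "issuerAssignedId": email,
            }
        ],
        "passwordProfile": {
            "password": password,
            "forceChangePasswordNextSignIn": force_change_next_sign_in,
        },
        # DisablePasswordExpiration exempts the account from password
        # expiry, which is the usual setting for Graph-created B2C accounts.
        "passwordPolicies": "DisablePasswordExpiration",
    }


def create_user(access_token, payload):
    """Hypothetical helper: POST the payload to Graph with an app token that
    holds User.ReadWrite.All. Not called in this offline example."""
    req = urllib.request.Request(
        GRAPH_USERS_URL,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed placeholder values; replace with real tenant data.
    body = build_b2c_user_payload(
        "contoso.onmicrosoft.com", "alice@example.com", "Alice Example",
        "ChangeMe-Initial-Pass-1", force_change_next_sign_in=True)
    print(json.dumps(body, indent=2))
```

The point of separating `build_b2c_user_payload` from `create_user` is that the body can be inspected and unit-tested without a token: the `identities` entry and the `passwordPolicies` string are the two fields that differ from a plain Azure AD user and are the easiest to get wrong.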