B2C redirect after user journey is completed

1
votes

I'm using custom policies in my B2C tenant and found out that the "Forgot password?" link redirects to an error page (AADB2C90118). After researching on the Internet I found a custom policy which allows me to embed the password reset inside the sign-up or sign-in policy.

This works like a charm, validating the email an changing the password as expected. The issue I have is that I want to redirect the user to the sign-in page after the reset password is completed successfully.

My goal would be to redirect the user to the sign in page so he/she is able to sing in whit the new credentials. Is there a way to reset the user journey or redirect the user to the sign in page using custom policies?

Here is the Step that check if the user has selected to change his/her password:

<OrchestrationStep Order="3" Type="ClaimsExchange">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
          <Value>isPasswordResetFlow</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>          
      <ClaimsExchanges>
        <ClaimsExchange Id="NewCredentials" TechnicalProfileReferenceId="LocalAccountChangePasswordUsingObjectId" />
      </ClaimsExchanges>
    </OrchestrationStep>

And here is the TechnicalProfile to change the password:

<TechnicalProfile Id="LocalAccountChangePasswordUsingObjectId">
      <DisplayName>Change password</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="ContentDefinitionReferenceId">api.localaccountpasswordreset</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
      </CryptographicKeys>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="objectId" />

      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
        <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
      </OutputClaims>
      <ValidationTechnicalProfiles>
        <ValidationTechnicalProfile ReferenceId="AAD-UserWritePasswordUsingObjectId" />
      </ValidationTechnicalProfiles>
    </TechnicalProfile>
1
azurepasswordsazure-ad-b2c

1 Answers

0
votes

You could use a precondition in the journey based on whether the user did password reset, to launch another claims provider selection, which offers the exact same as the initial sign in/up page logic.

        <OrchestrationStep Order="5" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
          <Preconditions>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
              <Value>isPasswordResetFlow</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <ClaimsProviderSelections>
            <ClaimsProviderSelection TargetClaimsExchangeId="FacebookExchange" />
            <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
          </ClaimsProviderSelections>
          <ClaimsExchanges>
            <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
          </ClaimsExchanges>
        </OrchestrationStep>

        <!-- Check if the user has selected to sign in using one of the social providers -->
        <OrchestrationStep Order="6" Type="ClaimsExchange">
          <Preconditions>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
              <Value>objectId</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
              <Value>isPasswordResetFlow</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <ClaimsExchanges>
            <ClaimsExchange Id="FacebookExchange" TechnicalProfileReferenceId="Facebook-OAUTH" />
            <ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />
          </ClaimsExchanges>
        </OrchestrationStep>

Without this, the sample will not setup the SM-AAD session, and subsequent policy calls or silent token calls will need a sign in anyway.