We are following https://docs.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-password-change#:~:text=Choose%20All%20services%20in%20the,for%20and%20select%20the%20TrustframeworkExtensions. to set up change password via custom policy. The positive scenario works well; however, if a user provides an incorrect old password, we get the message 'The username or password provided in the request are invalid.' We didn't find where the message is coming from. Any leads would be helpful.
1 Answer
0 votes
Verify the metadata in your validation technical profile and confirm whether this is the information. See the example below:
<TechnicalProfiles>
  <TechnicalProfile Id="login-NonInteractive">
    <DisplayName>Local Account SignIn</DisplayName>
    <Protocol Name="OpenIdConnect" />
    <Metadata>
      <!-- User-facing messages returned when validation fails -->
      <Item Key="UserMessageIfClaimsPrincipalDoesNotExist">We can't seem to find your account</Item>
      <Item Key="UserMessageIfInvalidPassword">Your password is incorrect</Item>
      <Item Key="UserMessageIfOldPasswordUsed">Looks like you used an old password</Item>
      <Item Key="ProviderName">https://sts.windows.net/</Item>
      <Item Key="METADATA">https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration</Item>
      <Item Key="authorization_endpoint">https://login.microsoftonline.com/{tenant}/oauth2/token</Item>
      <Item Key="response_types">id_token</Item>
      <Item Key="response_mode">query</Item>
      <Item Key="scope">email openid</Item>
      <Item Key="grant_type">password</Item>
      <!-- Policy Engine Clients -->
      <Item Key="UsePolicyInRedirectUri">false</Item>
      <Item Key="HttpBinding">POST</Item>
    </Metadata>
  </TechnicalProfile>
</TechnicalProfiles>
ContentDefinition Id="api.selfasserted". If you want to customize it, please look into this answer: stackoverflow.com/questions/46798311/…. – Allen Wu
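An added example (not part of the answer or comment above, and not Microsoft's code): a Python check that searches policy XML for the technical profile and metadata key that define a given user message, and lists profiles whose unknown-account and wrong-password messages differ, since that difference tells a caller whether an account exists. The sample policy and the `Sample-Generic` profile Id are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a policy fragment shaped like the snippet in the answer.
SAMPLE_POLICY = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
    <TechnicalProfile Id="login-NonInteractive">
      <Metadata>
        <Item Key="UserMessageIfClaimsPrincipalDoesNotExist">We can't seem to find your account</Item>
        <Item Key="UserMessageIfInvalidPassword">Your password is incorrect</Item>
        <Item Key="grant_type">password</Item>
      </Metadata>
    </TechnicalProfile>
    <TechnicalProfile Id="Sample-Generic"><!-- hypothetical profile Id -->
      <Metadata>
        <Item Key="UserMessageIfClaimsPrincipalDoesNotExist">Sign-in failed</Item>
        <Item Key="UserMessageIfInvalidPassword">Sign-in failed</Item>
      </Metadata>
    </TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>"""

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def user_messages(policy_xml):
    """Map technical profile Id -> {key: text} for UserMessageIf* metadata."""
    found = {}
    for tp in ET.fromstring(policy_xml).iter():
        if local(tp.tag) != "TechnicalProfile":
            continue
        msgs = {i.get("Key"): (i.text or "").strip() for i in tp.iter()
                if local(i.tag) == "Item"
                and i.get("Key", "").startswith("UserMessageIf")}
        if msgs:
            found[tp.get("Id")] = msgs
    return found

def find_message(policy_xml, needle):
    """(profile Id, key) pairs whose message contains needle; [] if none."""
    return [(pid, key) for pid, msgs in user_messages(policy_xml).items()
            for key, text in msgs.items() if needle.lower() in text.lower()]

def enumeration_risk(policy_xml):
    """Profile Ids whose unknown-account and wrong-password messages differ."""
    a, b = "UserMessageIfClaimsPrincipalDoesNotExist", "UserMessageIfInvalidPassword"
    return [pid for pid, m in user_messages(policy_xml).items()
            if a in m and b in m and m[a] != m[b]]
```

An empty result from `find_message` across all of your policy files means the text is not defined in any `UserMessageIf*` metadata item there.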