0
votes

I have created a password reset custom policy in Azure B2C as per the Microsoft document. It asks for a username and password if we don't have any active sessions. After entering the username and password, a window for password reset opens and I am able to update the password.

But if there is any active session, it directly pops up the password reset page. When I enter the old password, new password, confirm password and click on the continue button, it shows 'The username or password provided in the request are invalid'.

I have followed all steps exactly as in the Microsoft document. Can anyone please help me to resolve this issue?

Document I have followed: https://docs.microsoft.com/en-us/azure/active-directory-b2c/add-password-change-policy?pivots=b2c-custom-policy

1
Test your sign in policy. Very likely it doesn’t work and your login-non interactive technical profile is incorrectly configured. docs.microsoft.com/en-us/azure/active-directory-b2c/… - Jas Suri - MSFT
Hi, I am using a B2C Sign in flow for sign in and a change password custom policy for changing the password in our mobile application. As per our requirement, the customer will be logged in to the mobile application using the B2C sign in userflow. If their session is active, they should be able to change the password without signing in again from the mobile application. I have identified the issue that SignInName is not passed to the login-non interactive technical profile from the active session. Can you suggest any solution for this? - Ramya
Sounds like you are mixing User Flow and Custom Policy, that will run into issues. Use a Custom Policy for the Sign In, and then you can use the correct claims names across policies. - Jas Suri - MSFT
As suggested, I have changed my sign in user flow to a custom policy. We are using user Id for sign in instead of email address. I have used the following custom policy, which I got from the website. github.com/azure-ad-b2c/samples/tree/master/policies/… After I execute the change password custom policy, it shows a sign in page again even if there is an active session - Ramya
Make sure you are not passing the prompt=login query param in your change password policy auth request - Jas Suri - MSFT

1 Answer

0
votes

Make sure the ProxyIdentityExperienceFramework application in TrustFrameworkExtensions.xml of the custom policies has been configured correctly.

  1. Register Identity Experience Framework applications

  2. Add application IDs to the custom policy