0

I'm having this error when y press on the forgot password button on my custom signup/signin policy:

http://localhost:4200/?error=access_denied&error_description=AADB2C90118%3a+The+user+has+forgotten+their+password.%0d%0aCorrelation+ID%3a+1a6f0897-8e02-4a29-a413-209649f5e5bb%0d%0aTimestamp%3a+2017-10-25+20%3a52%3a25Z%0d%0a

If I access directly to my custom reset password policy it works.

Is there some configuration that I should add to my policies to make them work?

Thanks in advance!

Germán

Germán Svriz
  • 189
  • 1
  • 12
  • 1
    Possible duplicate of [ad b2c self service password reset link doesn't work](https://stackoverflow.com/questions/41497158/ad-b2c-self-service-password-reset-link-doesnt-work) – spottedmahn Oct 26 '17 at 14:33

1 Answers1

3

This is by design.

Your end application is expected to handle this forgot password "error" by invoking your password reset policy.

An example of this can be found in the B2C-WebApp-OpenIDConnect-DotNet-SUSI sample.

See the Startup.Auth class for how the AADB2C90118 error is handled.

Chris Padgett
  • 14,186
  • 1
  • 15
  • 28
  • I have a new question about this: this works on my mobile application. But on a web page I can't capture the error because it redirects to azure. Right now we manage it hiding the reset password from the form retreived from azure. And then we add a new link below to our custom reset password policy. Can we manage this in a better way? – Germán Svriz Jun 18 '18 at 14:54
  • Hi @GermánSvriz: What do you mean you "can't capture the error because it redirects to Azure"? – Chris Padgett Jun 18 '18 at 21:56