By default when you create a sign-up or sign-in policy (with local accounts), you see a Forgot password? link on the first page of the experience. Clicking this link doesn't automatically trigger a password reset policy. Instead, the error code AADB2C90118 is returned to your app. Your app needs to handle this error code by invoking a specific password reset policy.
This policy demonstrates how to embed the password reset flow a part of the sign-up or sign-in policy. So, Azure AD B2C will not return the AADB2C90118 error message.
The live demo demonstrates the self-service password reset experience. To test the policy, follow these steps:
- Create an account using the B2C_1A_Demo_SignUp_SignIn_SSPR policy with your email address.
- Run the B2C_1A_Demo_SignUp_SignIn_SSPR policy again and select the Forgot your password? link. The link will take you to the password rest page.
- Complete the password reset process.
For information about the policy check out the Set up a password reset flow in Azure Active Directory B2C article.
Use Stack Overflow to get support from the community. Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [azure-ad-b2c]. If you find a bug in the sample, please raise the issue on GitHub Issues. To provide product feedback, visit the Azure Active Directory B2C Feedback page.
Note: This sample policy is based on SocialAndLocalAccounts starter pack. All changes are marked with Demo: comment inside the policy XML files. Make the necessary changes in the Demo action required sections.