Change Password Azure AD B2C
I have been able to create Azure Functions App to manage Azure B2C Users. I can create new users, and update profiles flawlessly using the client_credentials Flow. However, when I change the password using a PATCH request with body:
{
passwordProfile: {
password: 'password-value',
forceChangePasswordNextSignIn: false
},
passwordPolicies: "DisablePasswordExpiration"
}
I get this error:
{code: 'Authorization_RequestDenied', message: 'Insufficient privileges to complete the operation.'}
I have done some research on this, and figured out that updating password requires Delegated Permission "Directory.AccessAsUser.All". From the Front End Application, I am signing in using the B2CLogin Flow, therefore the access token is not compatible with Graph API. Also, "Directory.AccessAsUser.All" does not exist at the Application level in the B2C application. Therefore, I cant use the Patch Request with the client_credentials Flow as well. According to some suggestions, the process can be done by Azure AD PowerShell by assigning "Company Administrator" Role. But, I have not found a solution to reset password through the Azure Function. A step-by-step solution(if it exists) would be really helpful for me as I am relatively new to Azure Services.
The easiest way is to assign the Global Admin role to the service principal on Azure portal.
Go to Azure Portal - Azure Active Directory - Roles and administrators.
Search for "Global admin" and select it.
Click on +Add assignments. And then search for your service principal.
Please note that "Applications are allowed for active assignments only.".
So after clicking on "Next>", select "Active" for the Assignment type.
After the assignment is finished, you are able to update the password using client_credentials flow.
Add-AzureADDirectoryRoleMember which is mentioned by @Jas Suri can also do the same thing.
- Azure AD B2C password expiration
- Creating authentication flow in .NET MAUI app for Azure AD B2C
- Limit Azure Active Directory Registrations
- Custom policy to send OTP code via sendgrid gives exception about otpToVerify not being found but required
- Azure B2C: MFA With Email. Field Blank
- How to troubleshoot RESTful endpoint response in custom policy?
- Azure AD B2C - Can I host custom UI pages on private server?
- Azure B2C client credentials flow throws invalid_grant AADB2C90085
- Microsoft: Unable to resolve Configuration with the provided Issuer
- Getting Redirect URI Mismatch error in Azure AD b2C
- Trigger azure function on user registration in b2c
- Azure AD B2C IEF custom sign-up policy grab query parameters
- B2C Redirect to specified URI after Login
- Remove / Reset Azure AD B2C User MFA Option
- Azure AD B2C Custom Policy Exception on ClaimType
- Confused on how to get access tokens from B2C in Blazor App
- Using different layout for unauthenticated users in Blazor WASM
- Add claims into token Azure B2C
- I am getting an error that OAuth2 Code has already been redeemed
- Azure B2C modify SAML AccessTokenLifetime
- Cannot create Azure B2C Tenant
- My Azure AD B2C User Flow is not returning a token on jwt.ms
- Azure B2C user flow without an email
- Azure B2C Custom Policy - REST Call with Bearer Token from OIDC Step
- how to limit code verification email Spaming in Azure B2C
- Local user accounts not created properly in Azure AD B2C
- How do add device management to TOTP custom B2C policy?
- Server error occured while using B2C on Azure API Management Develop portal
- Changing Default Email Address in Azure AD B2C User Flows Without Custom Policies
- Can you create 'User Flows' in Azure with a pay-as-you-go account