Azure B2C ROPC flow (Web API): Let users reset their password


I've just found out how to update the password of a signed-in user via the Graph API in my Web API. Now I need to send a user who is not signed in an email with a new password so they can sign in and change their password.

How can I send an email to a user without a signed-in user (so no token)? And if that's not possible, how can I give users the ability to change their forgotten passwords in my Web API (ROPC flow)? Thank you very much!

There is 1 answer

Sridevi

I tried to reproduce the same in my environment and got the results below:

I registered one application and added API permission like below:

[image]

Now I generated one access token using ROPC flow via Postman like below:

POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token

client_id: <appID>
grant_type: password
scope: https://graph.microsoft.com/Directory.AccessAsUser.All
username: [email protected]
password: xxxxxxxxxxx
client_secret: <secret>

Response:

[image]

Now, I used the above token in the Graph call below and changed the password successfully:

POST https://graph.microsoft.com/beta/users/<userID>/changePassword
Content-type: application/json

{
    "currentPassword": "xxxxxxxxxx",
    "newPassword": "yyyyyyyyyy"
}

Response:

[image]

Reference:

How to reset and change the password using Microsoft graph API of Azure AD B2C users by AmanpreetSingh-MSFT
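
The two calls from the answer above, chained in code. This is an added example, not the answerer's code; the function names and the injectable `opener` parameter are hypothetical, and the URLs, scope and field names are the ones shown in the answer. Both requests carry the user's current password, so the flow covers a password change by someone who still knows it.

```python
import json
import urllib.parse
import urllib.request

# Endpoints and scope exactly as shown in the answer above.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
CHANGE_URL = "https://graph.microsoft.com/beta/users/{user_id}/changePassword"
SCOPE = "https://graph.microsoft.com/Directory.AccessAsUser.All"


def build_token_request(tenant, client_id, client_secret, username, password):
    """ROPC token request: form-encoded POST with the user's own credentials."""
    form = {
        "client_id": client_id,
        "grant_type": "password",
        "scope": SCOPE,
        "username": username,
        "password": password,
        "client_secret": client_secret,
    }
    return urllib.request.Request(
        TOKEN_URL.format(tenant=urllib.parse.quote(tenant, safe="")),
        data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def build_change_password_request(token, user_id, current_password, new_password):
    """Graph changePassword call: JSON body, delegated bearer token."""
    body = {"currentPassword": current_password, "newPassword": new_password}
    return urllib.request.Request(
        CHANGE_URL.format(user_id=urllib.parse.quote(user_id, safe="")),
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )


def change_password(tenant, client_id, client_secret, username, user_id,
                    current_password, new_password, opener=urllib.request.urlopen):
    """Run both calls in order; `opener` is injectable so the flow runs offline."""
    with opener(build_token_request(tenant, client_id, client_secret,
                                    username, current_password)) as resp:
        token = json.load(resp)["access_token"]
    with opener(build_change_password_request(token, user_id,
                                              current_password, new_password)) as resp:
        return resp.status
```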