Azure AD B2C reset password options when calling Microsoft Graph from an API

Time:01-23

Is there any way to reset a B2C user's password from a b2c app granted only application permissions for Microsoft Graph?

We have a scenario where there are non-email users in a multi-tenant app and we need to allow admins to reset passwords. To provide user management features we have an app service which uses the .NET Microsoft.Graph SDK. It seems the only way to reset a user's password is to use resetPassword, but this cannot be called by an Application.

As far as I can see the only option open to us is to set up a user for this task and store their details in Azure Key Vault, then have the app sign in as the user to call the endpoint.

I would really like to avoid this approach if possible and it seems like this must be a common scenario so I am hoping there is a better way?

CodePudding user response:

Hi, you can use Update user to reset a B2C user's password.

PATCH https://graph.microsoft.com/v1.0/users/{id}
Content-type: application/json

{
  "passwordProfile": {
    "forceChangePasswordNextSignIn": false,
    "password": "xWwvJ]6NMw bWH-d"
  }
}

For more information: https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http#permissions

CodePudding user response:

I tried to reproduce the same in my environment and got the results like below:

Note that: As per the MS Doc, currently it is not possible to reset a password for users when granting only Application permissions.

Resetting the user's password with Application permissions will lead to the below error:

POST https://graph.microsoft.com/v1.0/users/UserID/authentication/passwordMethods/28c10230-6103-485e-b985-444c60001490/resetPassword
Content-type: application/json

{
  "newPassword": "xxxx"
}

Alternatively, I created an Azure AD Application and granted the below API permissions:

Grant the User Administrator role to the service principal like below:

Now generate the access token via the Client Credentials flow using the below parameters:

POST https://login.microsoftonline.com/TenantID/oauth2/v2.0/token

client_id:ClientID
client_secret:ClientSecret
scope:https://graph.microsoft.com/.default
grant_type:client_credentials


Using the above-generated token, try resetting the password using the below query:

PATCH https://graph.microsoft.com/v1.0/users/{id}
Content-type: application/json

{
  "passwordProfile": {
      "password": "xxxx"
  }
}

You can use the forceChangePasswordNextSignIn parameter based on your requirement.

References:

Azure Reset Password using Graph API by CarlZhao-MSFT

Reset a user's password in ADB2C using MS Graph API by kh_Ro
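An added example (not from either answer, nor from the Microsoft.Graph SDK) of the second answer's procedure in Python: obtain an app-only token with the client credentials grant, then PATCH the user's passwordProfile. It generates the temporary password instead of hard-coding one and keeps forceChangePasswordNextSignIn on by default so the admin-chosen value cannot live on. The function names, the injectable `opener` parameter and the 204 status check are this snippet's own assumptions; tenant, client and user IDs are supplied by the caller.

```python
import json
import secrets
import string
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
LOGIN = "https://login.microsoftonline.com"
SYMBOLS = "!$%&*-_=+"

def generate_temp_password(length: int = 16) -> str:
    """Random temporary password containing all four character classes."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw

def token_request(tenant_id: str, client_id: str, client_secret: str):
    """Client-credentials grant: a form-encoded POST (not GET) to the token endpoint."""
    url = f"{LOGIN}/{tenant_id}/oauth2/v2.0/token"
    form = {"client_id": client_id, "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default",
            "grant_type": "client_credentials"}
    return url, urllib.parse.urlencode(form).encode()

def password_patch(user_id: str, new_password: str, force_change: bool = True):
    """PATCH /users/{id} body; forcing a change at next sign-in keeps the
    admin-chosen temporary password short-lived."""
    body = {"passwordProfile": {"forceChangePasswordNextSignIn": force_change,
                                "password": new_password}}
    return f"{GRAPH}/users/{user_id}", body

def reset_user_password(tenant_id, client_id, client_secret, user_id,
                        opener=urllib.request.urlopen):
    """Fetch an app token, then PATCH the user; Graph answers 204 on success."""
    url, data = token_request(tenant_id, client_id, client_secret)
    with opener(urllib.request.Request(url, data=data, method="POST")) as r:
        token = json.load(r)["access_token"]
    temp = generate_temp_password()
    url, body = password_patch(user_id, temp)
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method="PATCH",
                                 headers={"Authorization": f"Bearer {token}",
                                          "Content-Type": "application/json"})
    with opener(req) as r:
        if r.status != 204:
            raise RuntimeError(f"password reset failed with HTTP {r.status}")
    return temp  # hand to the admin out of band; never log it
```

The app registration still needs the User.ReadWrite.All-style Graph permission and the User Administrator role described above; without the role the PATCH is rejected for admin-class accounts.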
