Azure B2C - Bearer AccessToken not being generated when using ProfileEdit/PasswordReset custom policies using Local Accounts

Tommy 0 Reputation points
2025-05-01T15:15:13.46+00:00

I'm having some trouble getting the AccessToken to generate for the PasswordReset and ProfileEdit custom policies using Local Accounts.

It seems to work fine and generate the token correctly for SignIn/SignUp policies using the auto-generated files I got from using https://b2ciefsetupapp.azurewebsites.net/, without any other changes required.

Steps I took:

  1. Generated files from https://b2ciefsetupapp.azurewebsites.net/
  2. Added Token Endpoint to the RelyingParty block for PasswordReset & ProfileEdit custom policies as was already included in the SignUpSignIn policy.

I have tried adding the Token endpoint to the other policies, as mentioned in the documentation linked below in the comments, but have had no luck with it so far.

This is my SignUpOrSignIn policy: User's image

This is my PasswordReset policy: User's image

I'm getting this in my .NET application:

User's image

User's image

Access token retrieval is working fine for SignIn/SignUp using the auto files from https://b2ciefsetupapp.azurewebsites.net/, and the .NET C# code above in the screenshot.

But I can't work out why the ProfileEdit & PasswordReset custom policies are not working. These were working fine previously when using user flows.

I have tested both policies using https://jwt.ms/ and the token is returned correctly for the scope I pass as a parameter in the code above. The only difference is when I run the Identity Experience Framework custom policy via the Azure portal, it forces me to sign in prior to sending me to the ProfileEdit / PasswordReset pages. Whereas in my web application, the user has already signed in at this point, then is taken straight to the page without requiring sign in again.

As an additional issue, I'm also having trouble getting the PasswordReset policy to return me the displayName, surname & givenName in the output claims. Is this something that is valid/accepted? Or should I be saving these values to my DB (already doing this), and using that instead? I can get these claims fine from the SignIn/SignUp/ProfileEdit custom policies but am having no luck getting this to work with the PasswordReset policy.

If there is any documentation you can point me towards or any help you can give to resolve these issues, that would be much appreciated! Cheers, Tom
