A B2C IEF Custom Policy - Password reset without being able to use the last password

This policy demonstrates how to prevent the user from reusing their current password when changing it. It is intended for scenarios where you need a password reset/change flow in which the user cannot set the password that is currently on the account.

Live demo

To test the policy, follow these steps:

  1. If you don't have an account, create a local account with your email address.

  2. Run the B2C_1A_Demo_PasswordReset_NotLastPassword policy to reset the password.

  3. Perform the following tests:

    1. Enter valid current password, and the same password for new password and re-enter password, then select continue. You should get an error message that the old and new password are identical.
    2. Enter invalid current password. You should get an error message that the current password is invalid.
    3. Enter valid current password, and a different password for new password and re-enter password. You should be able to complete the process successfully.
    4. Try to sign in with your updated password.

How it works

This sample presents the user with a screen containing current password, new password and re-enter password fields, using the LocalAccountWritePasswordUsingObjectId technical profile. This technical profile calls validation technical profiles in the following order:

  1. login-NonInteractive-PasswordChange to validate the current password.
  2. ComparePasswords to ensure that the new password is not the same as the current password. It invokes the claims transformations in the following order:
    1. CheckPasswordEquivalence - performs a string comparison of the new password against the current password. If they match, it outputs True, otherwise False.
    2. AssertSamePasswordIsFalse - asserts that the boolean from step 1 came back as False, indicating the password was different. If the assertion fails, the validation technical profile stops and the error message is shown to the user.
  3. Finally, the password is written using the AAD-UserWritePasswordUsingObjectId technical profile.

Community Help and Support

Use Stack Overflow to get support from the community. Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [azure-ad-b2c]. If you find a bug in the sample, please raise the issue on GitHub Issues. To provide product feedback, visit the Azure Active Directory B2C Feedback page.