FlowHawk
Advocate I

Password Reset Redirects to "Sign In Failed" page

Hey all,

 

I've configured my Power Apps portal to use Azure B2C for external authentication. Everything works great except for this one piece. When a user resets their password they are redirected to .../Account/Login/ExternalAuthenticationFailed with this error:

 

FlowHawk_0-1620233281188.png

 

If they click "Sign in" and use their newly reset password, they authenticate correctly. What that means is that the password reset flow is resetting their password correctly, but just redirecting the user to an error page. How can I change this user experience?

 

Note: I set up the Azure AD B2C using the wizard at make.preview.powerapps.com so I haven't manually configured any settings.

chleverenz
Advocate III

Hi FlowHawk,

not sure, but could it be that changing the password does not delete the authentication cookie for the B2C site and an outdated token is used for logging in? I think an ID token is passed to the portal, and if the portal checks that one for validity, it fails because it's old/invalid.

Have you tried to clear all cookies for the b2c provider after a password change? This would force the user to log in again, which makes a kind of sense to me.

If this works, maybe the Azure B2C password change flow needs to be configured either to clear the session or to update all issued ID tokens (which would mean that there is an error if it doesn't 🙂)

So, just ideas and no clear hint.

Hope it helps a little bit,

  Christian

That's an interesting thought. I appreciate the point. I'm just not savvy enough to know what to do with the information haha. I did go into the B2C settings and tinker with the tokens, claims, logout urls, etc... and no dice. But I suspect what is conceptually occurring is exactly as you have said.

OliverRodrigues
Super User II

Hi, this is an old and a bit more manual article, but still super valid for you to understand the site settings involved: https://readyxrm.blog/2019/07/24/configure-azure-ad-b2c-for-powerapps-portals/

can you please take a look to see if your site settings are correct?

also, are you using custom policies on Azure AD B2C? or standard user flows?




If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

Power Apps Portals Super User


Oliver Rodrigues


 

Thanks @OliverRodrigues. I reviewed the article and checked each property in the B2C user flows and in the portal -- they all matched. I couldn't see anything different. I'm curious, does this issue sound like a B2C problem? Or a portal problem?

I'm using standard user flows from Azure B2C. They were set up using the make.preview.powerapps.com B2C wizard.

For further information, I created a developer tenant, created a new Azure subscription, created a new resource, created a new Power Apps portal, went to make.preview.powerapps.com, configured Azure B2C as an authentication provider (creating new signupsignin and password reset user flows during the wizard), set Azure B2C as the default identity provider, synced the changes, opened my portal and created an account, then signed out and attempted to reset my password. I was forwarded to the same error page.

At this point I'm not convinced that this works for anyone else out of the box. Can someone confirm?

FlowHawk_0-1620409478903.png

 

OliverRodrigues
Super User II

Sorry about the delay, I performed the same task as you are doing a few months ago and it worked fine.

Unless something has changed, this should work.

 

Can you share a few snapshots of your Azure user flow (properties / application claims)?






 

Here are some screenshots. This is all in the developer tenant where I didn't make any customizations:

 

FlowHawk_0-1620755470512.png

FlowHawk_1-1620755480825.png

FlowHawk_2-1620755492414.png

FlowHawk_3-1620755510795.png

FlowHawk_4-1620755517422.png

FlowHawk_5-1620755526507.png

FlowHawk_6-1620755542450.png

FlowHawk_7-1620755552490.png

 

 

OliverRodrigues
Super User II

Thanks for the snapshots. Try the following changes:

 

App Registration > Authentication

  • add another Redirect URI, with just the Portal URL
  • enable ID Tokens for implicit grant

OliverRodrigues_0-1620760068856.png

SignUpSignIn > Properties

  • those look fine to me

SignUpSignIn > User Attributes / Application Claims

  • I normally also enable Surname/Given Name, but that's optional

Reset Password > Properties

  • Issuer claim doesn't seem right to me, can you select the other (non-TFP) option from the drop-down (but keep TFP selected in the toggles there):

OliverRodrigues_1-1620760518717.png

 

Reset Password > Application Claims

  • In my environment I only have selected Given Name/Surname, but I don't think this would make any difference

Portal Configuration > Valid Issuers

  • Here you need both Issuer URLs, for your Sign Up Sign In + Reset Pwd flows; the article I shared above explains how to retrieve those URLs

 

hope this helps





Thank you Oliver!! I applied all the changes except the claims ones and it worked!!

I don't know if anyone from the product team is here in the forum, but it would be helpful feedback I think that the wizard in the make.preview.powerapps.com sets up the issuer incorrectly for password reset flows.

 

Thanks again Oliver, you rock!
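An added diagnostic sketch for the Issuer claim and Valid Issuers points in the accepted answer (not code from the thread or from Microsoft): it decodes an ID token's claims and checks whether its `iss` appears in the portal's Valid Issuers value, showing why a password-reset token with a per-policy (tfp) issuer fails when only the sign-in issuer is listed. The tenant host, tenant ID, and policy names are constructed, and the portal's matching is modeled here as a case-insensitive comparison against a comma-separated list.

```python
import base64
import json

TENANT_ID = "00000000-0000-0000-0000-000000000000"   # constructed placeholder
BASE = "https://contoso.b2clogin.com"                 # constructed tenant host

def issuer(policy=None):
    """Per-policy (tfp) issuer when a policy is given, else the tenant-wide one."""
    if policy:
        return f"{BASE}/tfp/{TENANT_ID}/{policy.lower()}/v2.0/"
    return f"{BASE}/{TENANT_ID}/v2.0/"

def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sample_token(policy, iss):
    """Constructed, unsigned JWT-shaped string; the signature part is a dummy."""
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([_b64url(header), _b64url({"iss": iss, "tfp": policy}), "c2ln"])

def jwt_claims(token):
    """Decode the payload for inspection only. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_issuer(token, valid_issuers):
    """Match the token's iss against a comma-separated Valid Issuers value."""
    norm = lambda u: u.strip().rstrip("/").lower()
    allowed = {norm(u) for u in valid_issuers.split(",") if u.strip()}
    claims = jwt_claims(token)
    return {"policy": claims.get("tfp") or claims.get("acr"),
            "iss": claims.get("iss", ""),
            "accepted": norm(claims.get("iss", "")) in allowed}

if __name__ == "__main__":
    signin, reset = "B2C_1_signupsignin", "B2C_1_passwordreset"   # hypothetical names
    reset_tfp = sample_token(reset, issuer(reset))
    reset_shared = sample_token(reset, issuer())
    cases = {
        "tfp issuer, only sign-in listed": (reset_tfp, issuer(signin)),
        "tfp issuer, both flows listed": (reset_tfp, f"{issuer(signin)},{issuer(reset)}"),
        "tenant-wide issuer listed once": (reset_shared, issuer()),
    }
    for name, (tok, valid) in cases.items():
        print(name, "->", check_issuer(tok, valid)["accepted"])
```

To use it on a real failure, pass the `id_token` captured from the redirect to `jwt_claims` and compare its `iss` with the portal's configured Valid Issuers value.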
