AD B2C Custom Policy Redirection

Question

I have an AD B2C custom policy, that basically is a Reset Password and redirection to a React App, based on this reference: https://medium.com/the-new-control-plane/invoking-the-azure-ad-b2c-custom-policy-journey-with-a-jwt-e9e3ff0560a3

When you reset your password and press accept you are redirected to the React URL app you have specified on the custom policy but the redirection happens to be a post with the Id token to authenticate, but the react app doesn't know how to handle a POST request and returns 500 error code.

The policy code is described as follow:

 <UserJourney Id="PasswordResetJWT">
  <OrchestrationSteps>
    <OrchestrationStep Order="1" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="PasswordResetUsingEmailAddress" TechnicalProfileReferenceId="AAD-UserReadUsingEmailAddress" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="NewCredentials" TechnicalProfileReferenceId="LocalAccountWritePasswordUsingObjectId" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
  </OrchestrationSteps>
  <ClientDefinition ReferenceId="DefaultWeb" />
</UserJourney>

What does the app expect? – Jas Suri - MSFT Feb 05 '21 at 21:22 — Jas Suri - MSFT, Feb 05 '21 at 21:22

score 0 · Answer 1 · answered Feb 17 '21 at 14:21

I am no React expert but you are able to change how the code is returned to your application.

After reading the article you provided, the writer explicitly states to have the code returned via POST. However, according to B2C Documentation you are able to specify the code to be returned by setting the response_mode parameter.

response_mode=query
response_mode=fragment
response_mode=form_post

AD B2C Custom Policy Redirection

1 Answers1