When redirecting the user into a Custom Policy Change Password policy/flow, as shown in the linked documentation below.
Is there a way to pass the user across without using cookies? I.e. our user's access token is stored in browser session storage and therefore isn't automatically presented to the policy/flow. We need a way of passing the token across to the policy/flow.
B2C has built in session management that I would take advantage of, but if you don't want to do that, you can attempt to use the id token hint query string parameter. You pass your token to the policy via that query parameter, and then you add a step to your policy that validates the token and any data that's important to you. Here is a link to the docs: https://learn.microsoft.com/en-us/azure/active-directory-b2c/id-token-hint
