password reset policy

Author: derisen

JavaScriptSPA/authConfig.js

@@ -1,11 +1,13 @@
 
-// Config object to be passed to Msal on creation.
-// For a full list of msal.js configuration parameters, 
-// visit https://azuread.github.io/microsoft-authentication-library-for-js/docs/msal/modules/_configuration_.html
+/**
+ * Config object to be passed to Msal on creation.
+ * For a full list of msal.js configuration parameters, 
+ * visit https://azuread.github.io/microsoft-authentication-library-for-js/docs/msal/modules/_configuration_.html
+ * */ 
 const msalConfig = {
   auth: {
     clientId: "e760cab2-b9a1-4c0d-86fb-ff7084abd902",
-    authority: "https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_susi",
+    authority: b2cPolicies.signInSignUp.authority,
     validateAuthority: false
   },
   cache: {
@@ -14,9 +16,10 @@ const msalConfig = {
   }
 };
 
-// Add here scopes for id token to be used at the MS Identity Platform endpoint
-// For a full list of available authentication parameters, 
-// visit https://azuread.github.io/microsoft-authentication-library-for-js/docs/msal/modules/_authenticationparameters_.html
+/** 
+ * Scopes you enter here will be consented once you authenticate. For a full list of available authentication parameters, 
+ * visit https://azuread.github.io/microsoft-authentication-library-for-js/docs/msal/modules/_authenticationparameters_.html
+ */
 const loginRequest = {
   scopes: ["openid", "profile"],
 };

JavaScriptSPA/authPopup.js

@@ -5,7 +5,7 @@ const myMSALObj = new Msal.UserAgentApplication(msalConfig);
 function signIn() {
   myMSALObj.loginPopup(loginRequest)
     .then(loginResponse => {
-        console.log('id_token acquired at: ' + new Date().toString());
+        console.log("Id_token acquired at: " + new Date().toString());
         console.log(loginResponse);  
 
         if (myMSALObj.getAccount()) {
@@ -14,6 +14,19 @@ function signIn() {
 
     }).catch(function (error) {
       console.log(error);
+
+      // error handling
+      if (error.errorMessage) {
+        // check for forgot password error
+        // learn more about AAD error codes at https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-aadsts-error-codes
+        if (error.errorMessage.indexOf("AADB2C90118") > -1) {
+          myMSALObj.loginPopup(b2cPolicies.forgotPassword)
+            .then(loginResponse => {
+              console.log(loginResponse);
+              window.alert("Password has been reset successfully. \nPlease sign-in with your new password.");
+            })
+        }
+      }
     });
 }
 
@@ -26,12 +39,12 @@ function logout() {
 function getTokenPopup(request) {
   return myMSALObj.acquireTokenSilent(request)
     .catch(error => {
-      console.log("silent token acquisition fails. acquiring token using popup");
+      console.log("Silent token acquisition fails. Acquiring token using popup");
       console.log(error);
       // fallback to interaction when silent call fails
       return myMSALObj.acquireTokenPopup(request)
         .then(tokenResponse => {
-          console.log('access_token acquired at: ' + new Date().toString());
+          console.log("access_token acquired at: " + new Date().toString());
           return tokenResponse;
         }).catch(error => {
           console.log(error);
@@ -43,7 +56,7 @@ function getTokenPopup(request) {
 function passTokenToApi() {
   getTokenPopup(tokenRequest)
     .then(tokenResponse => {
-        console.log('access_token acquired at: ' + new Date().toString());
+        console.log("access_token acquired at: " + new Date().toString());
         try {
           logMessage("Request made to Web API:")
           callApiWithAccessToken(apiConfig.webApi, tokenResponse.accessToken);

JavaScriptSPA/authRedirect.js

@@ -12,22 +12,22 @@ function authRedirectCallBack(error, response) {
     console.log(error);
   } else {
     if (response.tokenType === "id_token") {
-      console.log('id_token acquired at: ' + new Date().toString());
+      console.log("id_token acquired at: " + new Date().toString());
       myMSALObj.getAccount();
       getTokenRedirect(tokenRequest);
     } else if (response.tokenType === "access_token") {
-        console.log('access_token acquired at: ' + new Date().toString());
+        console.log("access_token acquired at: " + new Date().toString());
         accessToken = response.accessToken;
-        logMessage("Request made to Web API:")
-        if (accessToken === null || accessToken === undefined) {
+        logMessage("Request made to Web API:");
+        if (accessToken) {
           try {
-            callApiWithAccessToken(apiConfig.webApi, accessToken)
+            callApiWithAccessToken(apiConfig.webApi, accessToken);
           } catch (err) {
             console.log(err);
           }
         }
     } else {
-        console.log("token type is: " + response.tokenType);
+        console.log("Token type is: " + response.tokenType);
     }
   }
 }
@@ -38,51 +38,50 @@ if (myMSALObj.getAccount()) {
 }
 
 function signIn() {
-  myMSALObj.loginRedirect(loginRequest)
+  myMSALObj.loginRedirect(loginRequest);
 }  
 
-
 // sign-out the user
 function logout() {
   // Removes all sessions, need to call AAD endpoint to do full logout
   myMSALObj.logout();
 }
 
-// This function can be removed if you do not need to support IE
+// main method to get token with redirect flow
 function getTokenRedirect(request) {
 return myMSALObj.acquireTokenSilent(request)
   .then((response) => {
     if (response.accessToken) {
-      accessToken = response.accessToken
-      logMessage("Request made to Web API:")
+      accessToken = response.accessToken;
+      logMessage("Request made to Web API:");
 
-      if (accessToken === null || accessToken === undefined) {
+      if (accessToken) {
         try {
-          callApiWithAccessToken(apiConfig.webApi, accessToken)
+          callApiWithAccessToken(apiConfig.webApi, accessToken);
         } catch (err) {
           console.log(err);
         }
       }
     }
   }).catch(error => {
-    console.log("silent token acquisition fails. acquiring token using redirect");
+    console.log("Silent token acquisition fails. Acquiring token using redirect");
     console.log(error);
     // fallback to interaction when silent call fails
-    return myMSALObj.acquireTokenRedirect(request)
+    return myMSALObj.acquireTokenRedirect(request);
   });
 }
 
 
 // calls the resource API with the token
 function passTokenToApi() {
-  if (accessToken === null || accessToken === undefined) {
+  if (!accessToken) {
     getTokenRedirect(tokenRequest);
   } else {
       logMessage("Request made to Web API:")
       try {
-        callApiWithAccessToken(apiConfig.webApi, accessToken)
+        callApiWithAccessToken(apiConfig.webApi, accessToken);
       } catch (err) {
         console.log(err);
       }
   }
-} 
+}

JavaScriptSPA/index.html

@@ -43,6 +43,7 @@ <h5 id="label" class="card-title">Sign-in with Microsoft Azure AD B2C</h5>
   <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script>
 
   <!-- importing app scripts -->
+  <script type="text/javascript" src="./policies.js"></script>
   <script type="text/javascript" src="./apiConfig.js"></script>
   <script type="text/javascript" src="./authConfig.js"></script>
   <script type="text/javascript" src="./ui.js"></script>

JavaScriptSPA/policies.js

@@ -0,0 +1,12 @@
+// Enter here the user flows and custom policies for your B2C application
+// To learn more about user flows, visit https://docs.microsoft.com/en-us/azure/active-directory-b2c/user-flow-overview
+// To learn more about custom policies, visit https://docs.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-overview
+
+const b2cPolicies = {
+    signInSignUp: {
+        authority: "https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_susi",
+    },
+    forgotPassword: {
+        authority: "https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_reset",
+    },
+}