forgot password policy

Author: derisen

JavaScriptSPA/authConfig.js

@@ -7,7 +7,7 @@
 const msalConfig = {
   auth: {
     clientId: "e760cab2-b9a1-4c0d-86fb-ff7084abd902",
-    authority: b2cPolicies.signInSignUp.authority,
+    authority: b2cPolicies.authorities.signUpSignIn.authority,
     validateAuthority: false
   },
   cache: {

JavaScriptSPA/authPopup.js

@@ -15,12 +15,12 @@ function signIn() {
     }).catch(function (error) {
       console.log(error);
 
-      // error handling
+      // Error handling
       if (error.errorMessage) {
-        // check for forgot password error
-        // learn more about AAD error codes at https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-aadsts-error-codes
+        // Check for forgot password error
+        // Learn more about AAD error codes at https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-aadsts-error-codes
         if (error.errorMessage.indexOf("AADB2C90118") > -1) {
-          myMSALObj.loginPopup(b2cPolicies.forgotPassword)
+          myMSALObj.loginPopup(b2cPolicies.authorities.forgotPassword)
             .then(loginResponse => {
               console.log(loginResponse);
               window.alert("Password has been reset successfully. \nPlease sign-in with your new password.");
@@ -30,7 +30,7 @@ function signIn() {
     });
 }
 
-// sign-out the user
+// Sign-out the user
 function logout() {
   // Removes all sessions, need to call AAD endpoint to do full logout
   myMSALObj.logout();

JavaScriptSPA/authRedirect.js

@@ -8,13 +8,33 @@ let accessToken;
 myMSALObj.handleRedirectCallback(authRedirectCallBack);
 
 function authRedirectCallBack(error, response) {
+  // Error handling
   if (error) {
     console.log(error);
+
+    // Check for forgot password error
+    // Learn more about AAD error codes at https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-aadsts-error-codes
+    if (error.errorMessage.indexOf("AADB2C90118") > -1) {
+      try {
+        // Password reset policy/authority
+        myMSALObj.loginRedirect(b2cPolicies.authorities.forgotPassword);
+      } catch(err) {
+        console.log(err);
+      }
+    }
   } else {
-    if (response.tokenType === "id_token") {
+    // We need to reject id tokens that were not issued with the default sign-in policy.
+    // To learn more about b2c tokens, visit https://docs.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview
+    if (response.tokenType === "id_token" && response.idToken.claims['acr'] !== b2cPolicies.names.signUpSignIn) {
+      myMSALObj.logout();
+      window.alert("Password has been reset successfully. \nPlease sign-in with your new password.");
+    } else if (response.tokenType === "id_token" && response.idToken.claims['acr'] === b2cPolicies.names.signUpSignIn) {
       console.log("id_token acquired at: " + new Date().toString());
-      myMSALObj.getAccount();
-      getTokenRedirect(tokenRequest);
+
+      if (myMSALObj.getAccount()) {
+        updateUI();
+      }
+
     } else if (response.tokenType === "access_token") {
         console.log("access_token acquired at: " + new Date().toString());
         accessToken = response.accessToken;
@@ -32,11 +52,6 @@ function authRedirectCallBack(error, response) {
   }
 }
 
-// Redirect: once login is successful and redirects with tokens, update UI
-if (myMSALObj.getAccount()) {
-  updateUI();
-}
-
 function signIn() {
   myMSALObj.loginRedirect(loginRequest);
 }  

JavaScriptSPA/index.html

@@ -6,10 +6,10 @@
   <title>AAD B2C | MSAL.JS Vanilla JavaScript SPA</title>
 
   <!-- msal.min.js can be used in the place of msal.js; included msal.js to make debug easy -->
-  <script type="text/javascript" src="https://alcdn.msauth.net/lib/1.2.2/js/msal.js" integrity="sha384-n2/wxR+doMGeL8Lmj4kdPRfZBUg2d/OAVqaKCoHPWOfOs1HUFU3laBvp3gv/HBOu" crossorigin="anonymous"></script>
+  <script type="text/javascript" src="https://alcdn.msauth.net/lib/1.3.0/js/msal.js" integrity="sha384-xeOjp8/l8VazdeNFRbrC9LWPR1InyrS8E1Na/0lv6V2r09iwX6vJC47FXlczokMi" crossorigin="anonymous"></script>
   <!-- msal.js with a fallback to backup CDN -->
   <script type="text/javascript">
-    if(typeof Msal === 'undefined')document.write(unescape("%3Cscript src='https://alcdn.msftauth.net/lib/1.2.2/js/msal.js' type='text/javascript' integrity='sha384-n2/wxR+doMGeL8Lmj4kdPRfZBUg2d/OAVqaKCoHPWOfOs1HUFU3laBvp3gv/HBOu' crossorigin='anonymous'%3E%3C/script%3E"));
+    if(typeof Msal === 'undefined')document.write(unescape("%3Cscript src='https://alcdn.msftauth.net/lib/1.3.0/js/msal.js' type='text/javascript' integrity='sha384-xeOjp8/l8VazdeNFRbrC9LWPR1InyrS8E1Na/0lv6V2r09iwX6vJC47FXlczokMi' crossorigin='anonymous'%3E%3C/script%3E"));
   </script>
 
   <!-- adding Bootstrap 4 for UI components  -->

JavaScriptSPA/policies.js

@@ -3,10 +3,16 @@
 // To learn more about custom policies, visit https://docs.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-overview
 
 const b2cPolicies = {
-    signInSignUp: {
-        authority: "https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_susi",
+    names: {
+        signUpSignIn: "b2c_1_susi",
+        forgotPassword: "b2c_1_reset"
     },
-    forgotPassword: {
-        authority: "https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_reset",
+    authorities: {
+        signUpSignIn: {
+            authority: "https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_susi",
+        },
+        forgotPassword: {
+            authority: "https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_reset",
+        },
     },
 }