Changing the password programmatically in Azure AD B2C
There’s a good article on using the Graph API here.
There are a number of samples, but none of them show how to change the password.
The JSON is:
{
  "passwordProfile": {
    "password": "P@ssword!",
    "forceChangePasswordNextLogin": false
  }
}
Remember to add the update password permissions.
Using the sample client, the command would be:
b2c update-user 3e7…ca8 update-password.json
PATCH https://graph.windows.net/tenant.onmicrosoft.com/users/3e7…ca8?api-version=1.6
Authorization: Bearer eyJ…mp6…
Content-Type: application/json
{
  "passwordProfile": {
    "password": "P@ssword!",
    "forceChangePasswordNextLogin": false
  }
}
204: No Content
null
where “3e7…ca8” is the objectID of the user whose password we want to change and “update-password.json” is a file containing the above JSON text.
The user is then able to log in using the new password.
Beware:
There is currently an issue with setting:
"forceChangePasswordNextLogin": true
The client runs and the password is changed, but when the user tries to log in they get the error:
We don't recognize this user ID or password. Please try again. Forgot your password?
Bonus:
Just to clarify the “Search users” part of that article:
“You can search for users in your B2C tenant in two ways:
- Reference the user’s object ID
- Reference their sign-in identifier, the signInNames property”
That gives the impression that you can only search by objectID or signInNames. In fact, you can use any valid OData search term, e.g.
b2c get-user $filter=displayName%20eq%20%27tom%20brown%27
will search for the user whose “displayName” equals “tom brown”.
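An added example (not from the original article or the sample client): Python that builds the same PATCH request and the URL-encoded $filter shown above, without sending anything. The tenant name, object ID, token placeholder and the password-generation policy are constructed assumptions; the password is generated rather than hardcoded, and path and filter values are encoded so they cannot alter the request.

```python
import json
import secrets
import string
import urllib.parse
import urllib.request

GRAPH = "https://graph.windows.net"   # endpoint and api-version as shown on the page
API_VERSION = "1.6"


def new_password(length=20):
    """Random password with all four character classes (policy is an assumption)."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*"]
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice("".join(classes)) for _ in range(length - len(classes))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def password_patch(tenant, object_id, token, password):
    """Build (not send) the PATCH request that resets one user's password."""
    url = "%s/%s/users/%s?api-version=%s" % (
        GRAPH, urllib.parse.quote(tenant, safe=""),
        urllib.parse.quote(object_id, safe=""), API_VERSION)
    body = {"passwordProfile": {"password": password,
                                # kept false: the page reports sign-in failing when true
                                "forceChangePasswordNextLogin": False}}
    return urllib.request.Request(
        url, data=json.dumps(body).encode("utf-8"), method="PATCH",
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"})


def display_name_filter(name):
    """OData $filter for an exact displayName match; ' is escaped by doubling."""
    literal = name.replace("'", "''")
    return "$filter=" + urllib.parse.quote("displayName eq '%s'" % literal, safe="")


if __name__ == "__main__":
    # Constructed sample values; the token would come from your own auth flow.
    req = password_patch("tenant.onmicrosoft.com",
                         "00000000-0000-0000-0000-000000000000",
                         "<access-token>", new_password())
    print(req.get_method(), req.full_url)
    print(display_name_filter("tom brown"))
    # To send: urllib.request.urlopen(req) and expect HTTP status 204.
```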
All good!