Changing the password programmatically in Azure AD B2C

Rory Braybrook
The new control plane
2 min read · Nov 14, 2019

There’s a good article on using the Graph API here.

There are a number of samples, but none showing how to change the password.

The JSON is:

{
  "passwordProfile": {
    "password": "P@ssword!",
    "forceChangePasswordNextLogin": false
  }
}

Remember to add the update password permissions.

Using the sample client, the command would be:

b2c update-user 3e7…ca8 update-password.json

PATCH https://graph.windows.net/tenant.onmicrosoft.com/users/3e7…ca8?api-version=1.6
Authorization: Bearer eyJ…mp6…
Content-Type: application/json

{
  "passwordProfile": {
    "password": "P@ssword!",
    "forceChangePasswordNextLogin": false
  }
}

204: No Content

null

where “3e7…ca8” is the objectID of the user whose password we want to change and “update-password.json” is a file containing the above JSON text.

The user is then able to log in using the new password.

Beware:

There is currently an issue with setting:

"forceChangePasswordNextLogin": true

This works in terms of running the client and changing the password, but when the user tries to log in they will get the error:

We don't recognize this user ID or password. Please try again. Forgot your password?
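The PATCH request above, built in Python with the `forceChangePasswordNextLogin` caveat enforced as a guard. This is an added example, not code from the article or the sample client: the function names are hypothetical, the tenant, object ID and token are supplied by the caller, and generating a random password instead of a fixed literal is an assumption about how you would want to use it.

```python
import json
import secrets
import string
import urllib.request
import uuid

GRAPH = "https://graph.windows.net"  # Azure AD Graph endpoint used in the post
API_VERSION = "1.6"
SYMBOLS = "!@#$%^&*-_"


def generate_password(length=20):
    """Random password containing lowercase, uppercase, digit and symbol."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice("".join(classes)) for _ in range(length - len(classes))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def build_password_patch(tenant, object_id, password, token, force_change=False):
    """Return an unsent Request for the PATCH shown in the post."""
    # Accept only a canonical GUID so nothing else can reach the URL path.
    if str(uuid.UUID(object_id)) != object_id.lower():
        raise ValueError("object_id must be a canonical GUID")
    if force_change:
        # The post reports that the user cannot sign in after this is set to true.
        raise ValueError("forceChangePasswordNextLogin=true is not usable here")
    body = {"passwordProfile": {"password": password,
                                "forceChangePasswordNextLogin": False}}
    return urllib.request.Request(
        f"{GRAPH}/{tenant}/users/{object_id}?api-version={API_VERSION}",
        data=json.dumps(body).encode("utf-8"),
        method="PATCH",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )


def change_password(request):
    """Send the request; the post shows 204 No Content on success."""
    with urllib.request.urlopen(request) as resp:
        return resp.status == 204
```

Keep the generated password and the bearer token out of logs and shell history; `change_password` needs a token for an application that has been granted the update password permission mentioned above.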

Bonus:

Just to clarify the “Search users” part of that article:

“You can search for users in your B2C tenant in two ways:

  • Reference the user’s object ID
  • Reference their sign-in identifier, the signInNames property”

That gives the impression that you can only use objectID or signInNames to search. In fact, you can use any valid OData search term e.g.

b2c get-user $filter=displayName%20eq%20%27tom%20brown%27

will search for the user whose “displayName” equals “tom brown”.

All good!
