【发布时间】:2021-09-03 07:37:53
【问题描述】:
我们在 Azure B2C 中使用自定义登录和重置密码策略,当用户重置密码并完成所有过程后,当用户尝试使用新密码和 OTP 登录时,显示以下错误,然后用户不断被要求输入新的访问代码。
HTTP/1.1 400 Bad Request
Cache-Control: private
Allow: OPTIONS,TRACE,GET,HEAD,POST
Content-Type: application/json; charset=utf-8
x-ms-gateway-requestid: a6264e6b-e73e-45e1-aab9-71c5916e1215
Access-Control-Expose-Headers: Content-Length, Content-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, OPTIONS
Set-Cookie: x-ms-cpim-trans=; domain=****; expires=Fri, 02-Sep-2011 12:14:12 GMT; path=/; SameSite=None; secure; HttpOnly
X-Frame-Options: DENY
Public: OPTIONS,TRACE,GET,HEAD,POST
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Thu, 02 Sep 2021 12:14:12 GMT
Content-Length: 296
{"error":"invalid_grant","error_description":"AADB2C90088: The provided grant has not been issued for this endpoint. Actual Value : B2C_1A_MFA_phone_or_email and Expected Value : B2C_1A_PasswordReset\r\nCorrelation ID: ******\r\nTimestamp: 2021-09-02 12:14:12Z\r\n"}
当用户更改密码并点击继续时,下面的请求生成,您可以看到第一个令牌请求成功,但它再次尝试第二个令牌请求并因上述错误而失败。 Network logs
我们在这里期望的是,用户在重置密码后应该自动登录,而不是返回登录屏幕并再次询问凭据。
【问题讨论】:
标签: azure-ad-b2c msal azure-ad-b2c-custom-policy