I’ve implemented the password change custom policy according to the documentation and use msal.js on the frontend to start the password change flow. This works accept that the user needs to sign in again although the user is already signed in to the application. So it asks the user credentials every time. Why isn’t B2C detecting that the user has already signed in and how can I solve this? Thanks!
Azure AD B2C password change custom policy, user needs to sign in every time
1.7k views Asked by RonaldV At
2
There are 2 answers
0
On
If you are trying to test through the B2C Custom Policies "Run now" endpoint, just remove the &prompt=login query parameter from the link. If you are already logged in it will skip the login, if you are not, it will still prompt for your credentials.
Credit to Jas Suri: Azure B2C EditProfile custom policy without Signing In first
MSAL.js is setting the prompt parameter, therefore, forcing B2C to ignore the cookie, therefore, forcing the sign-in.
Source
You can verify this by taking the URL MSAL.js redirects the user to and removing the prompt query parameter.
Related GitHub Issue: Allow Controlling the prompt parameter. We need to convince the MSAL library owners we need control over this parameter.