Tags: azure, azure-active-directory, azure-ad-b2c, azure-ad-b2c-custom-policy

Azure AD B2C ChangePassword custom policy "Invalid username or password."


There is a problem with an Azure AD B2C custom policy for the password change.

I'm combining User Flows and Custom Policies for Azure AD B2C. Everything works fine: signup, login, reset password, impersonate user. The custom policy for changing the password works fine in the Azure portal when I try it; however, in the Angular SPA it returns the error "Invalid username or password."

The key points here are the following:

  • The "Change Password" custom policy - works fine when executing it from the Azure portal.
  • The same policy returns an "Invalid username or password." error with status code 400 when redirected from an Angular SPA (with a logged-in, authenticated user).

The following User Flows work fine: Login, Signup, ResetPassword. Custom policy to Impersonate a user also works fine. The only problem happens when trying to execute the "Change Password" custom policy from a single page application (Angular).

I've used the following base packs for the Custom Policies: https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack

If someone can suggest the possible reasons why this happens or how to investigate it, I would much appreciate it.


Solution

  • You cannot mix and match user flow and custom policies.

    For any use case, use either all user flows or all custom policies.