Azure-Samples / active-directory-b2c-ios-swift-native-msal

An iOS sample in Swift that authenticates Azure AD B2C users and calls an API using OAuth 2.0
https://aka.ms/aadb2c
MIT License
45 stars 22 forks

Not able to retrieve silent access token using reset password flow in iOS #58

Closed diwakar445 closed 2 years ago

diwakar445 commented 2 years ago

We're not able to retrieve a silent access token using the reset password flow. In our app we are using 3 authorities, as in the code below. We're able to retrieve the access token silently when we use the sign-up/sign-in flow, but we don't get a silent access token when we use the reset password flow; it is working in Android.

I have set up my context object as mentioned below

```swift
import MSAL

do {
    let signInSignupAuthority = try getAuthority(authorityString: UserDefinedVariable.azureAuthoritySignupSignin.valueFromInfoPlist())
    let passwordChangeAuthority = try getAuthority(authorityString: UserDefinedVariable.azureAuthorityPasswordChange.valueFromInfoPlist())
    let passwordResetAuthority = try getAuthority(authorityString: UserDefinedVariable.azureAuthorityPasswordReset.valueFromInfoPlist())

    let config = MSALPublicClientApplicationConfig(clientId: UserDefinedVariable.azureClientId.valueFromInfoPlist(),
                                                   redirectUri: nil,
                                                   authority: signInSignupAuthority)
    // Every B2C policy authority the app will use must be declared as known.
    config.knownAuthorities = [signInSignupAuthority, passwordChangeAuthority, passwordResetAuthority]
    application = try MSALPublicClientApplication(configuration: config)
} catch {
    // The catch block was empty as posted: a failure here leaves `application` nil
    // and every later token call fails without any diagnostic.
    print("MSAL setup failed: \(error)")
}
```

I'm using the below code to acquire tokens silently

```swift
if let clientApp = application,
   let accountIdentifier = accountIdentifier,
   let account = try? clientApp.account(forIdentifier: accountIdentifier) {
    let msalSilentTokenParameters = MSALSilentTokenParameters(scopes: [MSALAuthManager.scope], account: account)
    clientApp.acquireTokenSilent(with: msalSilentTokenParameters) { (result, error) in
        // `error` is not inspected here; any failure is reported as a generic failure().
        guard let result = result else {
            failure()
            return
        }
        success(result.accessToken)
    }
} else {
    failure()
}
```
diwakar445 commented 2 years ago

Any update on the above request?

NerevarineRule commented 2 years ago

Could you please provide the MSAL verbose log captured while having issues with the reset password flow?

NerevarineRule commented 2 years ago

In the meantime, could you also take a look at this https://stackoverflow.com/questions/41497158/azure-ad-b2c-self-service-password-reset-link-doesnt-work thread and see if it's applicable to your scenario?

There are two different mechanisms for Password Reset in Azure AD B2C:

Sign-in Policy: No work required by the application, clicking on "I forgot my password" redirects the user automatically to a generic Microsoft-branded password reset page.

Sign-up/sign-in Policy: This requires the application to do some extra work. Clicking on "I forgot my password" redirects the user back to the application with an error code. The application needs to detect the error code in the request and then further redirect the user to the Azure AD B2C Password Reset Policy. The Password reset policy can be customized extensively.
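As an added example from the editor (not the sample's code and not the poster's), here is the second mechanism above carried through in Swift with MSAL: the app signs in against the sign-up/sign-in policy, detects the forgot-password error that Azure AD B2C returns for that click (error code AADB2C90118, which the comment above refers to only as "an error code"), sends the user to the password-reset policy, and then names the policy authority explicitly on every silent request, since B2C caches tokens per policy. Tenant, client ID, policy names and scope are placeholders; reading the server's error description out of the MSAL error via MSALErrorDescriptionKey, with localizedDescription as a fallback, is an assumption to check against the MSAL version in use.

```swift
import UIKit
import MSAL

/// Added example, not the project's code. Placeholders: tenant, client ID, policy names, scope.
final class B2CAuthFlow {
    static let scopes = ["https://contoso.onmicrosoft.com/api/demo.read"]      // assumed scope
    static let clientId = "00000000-0000-0000-0000-000000000000"               // placeholder
    // In B2C every user flow (policy) is its own authority URL.
    static let signUpSignInURL = "https://contoso.b2clogin.com/tfp/contoso.onmicrosoft.com/B2C_1_susi"
    static let passwordResetURL = "https://contoso.b2clogin.com/tfp/contoso.onmicrosoft.com/B2C_1_reset"
    // Error code B2C returns when the user taps "Forgot your password?" on a sign-up/sign-in policy.
    static let forgotPasswordCode = "AADB2C90118"

    let app: MSALPublicClientApplication
    let susiAuthority: MSALB2CAuthority
    let resetAuthority: MSALB2CAuthority

    init() throws {
        susiAuthority = try MSALB2CAuthority(url: URL(string: Self.signUpSignInURL)!)
        resetAuthority = try MSALB2CAuthority(url: URL(string: Self.passwordResetURL)!)
        let config = MSALPublicClientApplicationConfig(clientId: Self.clientId,
                                                       redirectUri: nil,
                                                       authority: susiAuthority)
        // Each policy authority the app will use must be listed, otherwise MSAL rejects it.
        config.knownAuthorities = [susiAuthority, resetAuthority]
        app = try MSALPublicClientApplication(configuration: config)
    }

    /// Step 1 of the mechanism: was this interactive failure the "forgot password" redirect?
    /// Assumption: B2C places the code in error_description and MSAL surfaces that text
    /// under MSALErrorDescriptionKey (or in localizedDescription).
    static func isForgotPassword(_ error: Error?) -> Bool {
        guard let nsError = error as NSError?, nsError.domain == MSALErrorDomain else { return false }
        let text = (nsError.userInfo[MSALErrorDescriptionKey] as? String) ?? nsError.localizedDescription
        return text.contains(forgotPasswordCode)
    }

    /// Interactive sign-in against the sign-up/sign-in policy.
    func signIn(from vc: UIViewController, completion: @escaping (Result<MSALResult, Error>) -> Void) {
        let web = MSALWebviewParameters(authPresentationViewController: vc)
        let params = MSALInteractiveTokenParameters(scopes: Self.scopes, webviewParameters: web)
        params.authority = susiAuthority
        app.acquireToken(with: params) { result, error in
            if let result = result { completion(.success(result)); return }
            if Self.isForgotPassword(error) {
                // Step 2: redirect the user to the password-reset policy.
                self.resetPassword(from: vc, completion: completion)
                return
            }
            completion(.failure(error ?? NSError(domain: MSALErrorDomain, code: -1)))
        }
    }

    /// Interactive run of the password-reset policy. On success the user is signed in again
    /// under the sign-up/sign-in policy, so that later silent requests against that
    /// authority find a matching cache entry (B2C caches tokens per policy).
    private func resetPassword(from vc: UIViewController, completion: @escaping (Result<MSALResult, Error>) -> Void) {
        let web = MSALWebviewParameters(authPresentationViewController: vc)
        let params = MSALInteractiveTokenParameters(scopes: Self.scopes, webviewParameters: web)
        params.authority = resetAuthority
        app.acquireToken(with: params) { result, error in
            guard result != nil else {
                completion(.failure(error ?? NSError(domain: MSALErrorDomain, code: -1)))
                return
            }
            self.signIn(from: vc, completion: completion)
        }
    }

    /// Silent acquisition. The authority names the policy the tokens were issued under;
    /// leaving it unset makes MSAL look in the cache under the default authority only.
    func acquireSilently(for account: MSALAccount, completion: @escaping (Result<String, Error>) -> Void) {
        let params = MSALSilentTokenParameters(scopes: Self.scopes, account: account)
        params.authority = susiAuthority
        app.acquireTokenSilent(with: params) { result, error in
            if let result = result {
                completion(.success(result.accessToken))
            } else {
                // Surface the real error instead of a bare failure(); on an interaction-required
                // error the caller should fall back to signIn(from:).
                completion(.failure(error ?? NSError(domain: MSALErrorDomain, code: -1)))
            }
        }
    }
}
```

The point of passing the error through from acquireSilently is diagnostic: an interaction-required error after a reset and a cache miss for the wrong policy authority look identical when both collapse to a bare failure(), which is exactly what makes the problem in this issue hard to pin down without the verbose MSAL log requested above.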
mipetriu commented 2 years ago

@diwakar26 Since there has been no activity on this post for some time, is it ok to close?

mipetriu commented 2 years ago

@diwakar26 I'll close this issue since there has been no activity on it for some time. Please re-open if more investigation is needed. Thanks!