azure-ad-b2c / samples

Azure AD B2C custom policy solutions and samples.

Forgot password link on SUSI policy disregards current ui_locales #518

Closed ajbeaven closed 1 year ago

ajbeaven commented 1 year ago

When constructing the URL used to send a visitor to the signin page (SUSI policy), we supply a ui_locales querystring parameter to force the page to be presented with that locale. This works fine and the page appears as I would expect.

On this page, as part of the standard SUSI policy, there is a forgot password link rendered. Sadly, when clicking this link, the ui_locales parameter specified on the signin page is not forwarded through, so the password reset page is rendered using the default locale. This is clearly not ideal.

I'm using the legacy approach to password resets in that I have a dedicated policy for resetting a user's password. Clicking the forgot password link generates an exception on my site which is caught and the user is redirected to the forgot password page. I need a dedicated password reset policy page as I need to link to this page from places outside of B2C, so there don't seem to be any advantages of using the recommended approach.

I have tested the recommended password reset approach and it does resolve this issue, but I think it would be worthwhile to fix this when using the legacy password reset. A dedicated password reset policy comes in the standard custom policy starter pack so I think people tend to use the legacy approach. I'm guessing the fix might involve sending through additional exception data when clicking the forgot password link that indicates the current locale. That way, the server could generate the appropriate ui_locales parameter for use when redirecting the user.

Thanks for your consideration :)

P.S. now that I think about it more, there are other cases where sending back the current locale would be helpful in the exception data. For instance, when clicking the cancel button you lose this context too.

JasSuri commented 1 year ago

Pass a state parameter in the auth request to B2C with ui_locales encoded within it. B2C should send the state param back in the error.

Since this isn’t a bug with any sample here, I will close this issue. General questions should be posted on stackoverflow with azure-ad-b2c tag.