Azure AD B2C - Error on reset password policy custom template (error code UX016)

    Question

  • Hello!

    I'm using Active Directory B2C with local identity supplier with username and the directives that I'm using are: Sign-up or sign-in policies, Password reset policies both with Custom Templates.

    When I try to recover the password, everything works fine until I enter the verification code. When the verification code from the e-mail is accepted and I then press "continue", this is the error that's presented:

    Bad Request

    https://login.microsoftonline.com/prosamx.onmicrosoft.com/B2C_1_ResetPwd/api/SelfAsserted/error?code=UX016&desc=OK&csrf_token=Y1BjMjF2TjdMVm5MbXhyLyt4MHFzUlVsQzcyUXA2VVVZUDVoQml6S20xL2JQd3ppbHZadTBVaHl2ZTlMMUx1YkJSUkZTeVhnY2grL2lPZ3F1OE92Q1E9PTsyMDE3LTA1LTAyVDE4OjQ4OjQ2LjM5MTU4NDRaO09ZV2hNTEpoT2RYMUQwWllkLzVoSlE9PTt7IlRhcmdldEVudGl0eSI6IlBhc3N3b3JkUmVzZXRVc2luZ1VzZXJOYW1lRXhjaGFuZ2UiLCJPcmNoZXN0cmF0aW9uU3RlcCI6Mn0=&tx=eyJUSUQiOiI4MGRjODIwMC05MjA1LTRlODEtOTIyNy00NTNkMzRjNGQ3ZTUifQ&p=B2C_1_ResetPwd

    This happens when the username is used at the local identity provider.

    I hope you can help me out.


    Thanks, regards.




    Tuesday, May 2, 2017 6:50 PM

All replies

  • We found out that the user whose password you were trying to reset did not have an email address associated in the directory, leading to the bad request you were seeing. Password Reset policy does not support users who don't have an email address.

    When you sign up the user, the email address should have been provided to us and stored in the directory. Please let us know if you have ever manually modified the user through other ways such as Portal or Graph API. Meanwhile, we are still actively investigating why this user does not have an email address, whether it was stored or removed.

    Does the issue happen to this specific user or any new users created by your sign up sign in policy? 
    Friday, May 5, 2017 7:15 PM
    Moderator
  • Occurs when I create any user from the Graph API, does not assign the email.
    Monday, May 8, 2017 7:24 PM
  • This is a known limitation for users with usernames that are created via Graph. The only workaround for you is to use email-based local accounts, or to have both email-based login and username-based login enabled for the same users.

    Looks like you have posted your query on Stack Overflow as well (do clarify); you may refer to Vikram's suggestions outlined there.

    Stack Overflow link - http://stackoverflow.com/questions/43745585/azure-ad-b2c-error-on-reset-password-policy-custom-template-error-code-ux016
    Tuesday, May 9, 2017 6:58 PM
    Moderator