Signin/signup policy; update password does not redirect
same functionality as sign in policy expected
The signup/singin policy does not automatically redirect to password update by design.
I’m leaving this item open though, to capture the ask to streamline this experience so as not to require the application to do this detection of the error code and subsequent redirection to the password reset policy.
Rob Richardson commented
I'm also in favor of streamlining the password reset experience so that applications don't have to detect the error code on a redirect. Ideally, it would be nice if there was a configuration option in the Sign In policy to select a defined Password Reset policy which would be invoked when the user clicks the 'Forgot your password?' link.
William Noel commented
This sounds great, but if you're using Azure Mobile Apps with B2C it doesn't work. You don't have the option to capture the error code. That means on a mobile device - using 'client.LoginAsync(...)' - when you select 'forgot password' the user sees the 'Unauthorized' response page. It works on sign-in, but when you pass 'login_hint' to a sign-in policy, the company branding quits.
Geir Fuhre Pettersen commented
I found a reference to the fact that clicking the "forgot password" link will POST a message into the client site which then needs to handle this and redirect to the desired policy (for example B2C_1_xxxxx_ResetPassword).
Take a look at the page referenced by the link below, and search for the error code "AADB2C90118":