如何在 Azure 上下文之外提供重置密码功能?
How to provide the reset password feature outside Azure context?
我的场景是一个 public 网站,具有由 AzureAdB2C 管理的经过身份验证的访问权限,身份验证不是嵌入的,而是在子域样式中。在身份验证表单中,我看到有密码重置选项(对于忘记密码的人),但我的问题是当用户已经通过身份验证并且在 Azure 上下文之外时,他如何要求更改密码?
是否有任何端点(可以接收链接到帐户的电子邮件)?
谢谢
你可以Configure password change using custom policies in Azure Active Directory B2C.
In Azure Active Directory B2C (Azure AD B2C), you can enable users who are signed in with a local account to change their password without having to prove their identity through email verification. The password change flow involves following steps:
- The user signs in to their local account. If the session is still active, Azure AD B2C authorizes the user and skips to the next step.
- The user verifies the Old password, and then creates and confirms the New password.
如果问题是由于用户忘记密码但仍处于登录状态而重置密码,我可以想象注销用户并将他们重定向到登录页面,他们可以在其中选择重置密码选项。
编辑:
Azure AD B2C 文章Set up self-service password reset for your customers指出
This article applies to self-service password reset used in the context of the standard Sign in user flow, which uses Local Account SignIn as the identity provider. If you need fully customizable password reset user flows invoked from your app, see this article.
以某种方式在您登录时使用密码重置流程/自定义策略重置您的密码,而不是'need'您当前的密码感觉很奇怪。
仍然不清楚,因为您提到“触发 change/reset 密码流?”。是哪个还是两者兼而有之?
如果重置,可以使用custom policy。只需将 link 添加到您页面上的政策即可。
有一些密码重置 flows 可能会引起您的兴趣。
更改密码,见here。同样,只需将政策 link 放在页面上即可。
不确定您是否需要重新登录。
我的场景是一个 public 网站,具有由 AzureAdB2C 管理的经过身份验证的访问权限,身份验证不是嵌入的,而是在子域样式中。在身份验证表单中,我看到有密码重置选项(对于忘记密码的人),但我的问题是当用户已经通过身份验证并且在 Azure 上下文之外时,他如何要求更改密码?
是否有任何端点(可以接收链接到帐户的电子邮件)?
谢谢
你可以Configure password change using custom policies in Azure Active Directory B2C.
In Azure Active Directory B2C (Azure AD B2C), you can enable users who are signed in with a local account to change their password without having to prove their identity through email verification. The password change flow involves following steps:
- The user signs in to their local account. If the session is still active, Azure AD B2C authorizes the user and skips to the next step.
- The user verifies the Old password, and then creates and confirms the New password.
如果问题是由于用户忘记密码但仍处于登录状态而重置密码,我可以想象注销用户并将他们重定向到登录页面,他们可以在其中选择重置密码选项。
编辑:
Azure AD B2C 文章Set up self-service password reset for your customers指出
This article applies to self-service password reset used in the context of the standard Sign in user flow, which uses Local Account SignIn as the identity provider. If you need fully customizable password reset user flows invoked from your app, see this article.
以某种方式在您登录时使用密码重置流程/自定义策略重置您的密码,而不是'need'您当前的密码感觉很奇怪。
仍然不清楚,因为您提到“触发 change/reset 密码流?”。是哪个还是两者兼而有之?
如果重置,可以使用custom policy。只需将 link 添加到您页面上的政策即可。
有一些密码重置 flows 可能会引起您的兴趣。
更改密码,见here。同样,只需将政策 link 放在页面上即可。
不确定您是否需要重新登录。