DataGeek

Reputation: 490

Azure AD B2C 'Invalid username or password' when using built-in policies

I have set up an Azure AD B2C tenant and created an application registration. I am using local accounts only. I created two users a few months ago. Today, I tried to sign in with these two users using the built-in 'SignUpSignIn' flow. However, I keep getting the error "Invalid username or password", even though the user exists in my tenant and has the right username. I even tried to add the user again to the tenant using the signup flow, but correctly received the 'this username already exists' error.

I looked up this error on SO and noticed that folks have run into this issue when using Custom Policies. However, I do not have any custom policies. I'm just using the built-in policies.

Just to confirm that it is only a problem with existing users, I created a new user and tried to reproduce the error. However, I am not having the same issues with this new user. I am able to log in without any problems with this new user. The problem only seems to be happening with the users I have previously created.

Can anybody please guide me in the right direction? Thanks!

Upvotes: 1

Views: 810

Answers (1)

DataGeek

Reputation: 490

Looks like I figured it out. As I was signing in with those users after a while, I had forgotten their passwords. When resetting the password, instead of using the 'ForgotPassword' policy, I used the Reset Password option in the user's profile. This caused the above error to show up during the SignUpSignIn flow.

Instead, you must use the 'ForgotPassword' built-in policy to reset the password for a user.

Upvotes: 2
