Reputation: 11088
I'm deploying local Azure B2C users using code.

    var graphUser = new User
    {
        DisplayName = $"{user.FirstName} {user.LastName}",
        GivenName = user.FirstName,
        Surname = user.LastName,
        // PasswordPolicies = "DisablePasswordExpiration,DisableStrongPassword",
        Identities = new[]
        {
            new ObjectIdentity { SignInType = "emailAddress", Issuer = _tenantId, IssuerAssignedId = user.Email }
        },
        PasswordProfile = new PasswordProfile { Password = "Password123!", ForceChangePasswordNextSignIn = true }
    };
    User createdUser = await _graphServiceClient.Users
        .Request()
        .AddAsync(graphUser);

When the user tries to sign in using the Sign up and sign in user flow, he receives a message that the password has expired. Resetting the password in Azure B2C does not help. The user still receives a message that the password has expired. I tried different options in PasswordPolicies: not set at all, set to DisablePasswordExpiration, and set to DisablePasswordExpiration,DisableStrongPassword, but no change.
What's interesting is that when I'm using the Sign in user flow, accounts provisioned with the code above are able to log in.
Upvotes: 1
Views: 1932
Reputation: 1067
By default, force password reset is not available.
So if you always want to force a password change, here is the MS doc to configure it: https://learn.microsoft.com/en-us/azure/active-directory-b2c/force-password-reset?pivots=b2c-user-flow
For conditional logic you need to customize the flow:
https://github.com/azure-ad-b2c/samples/tree/master/policies/force-password-reset-first-logon
Upvotes: 1
Reputation: 563
The reason why Azure AD B2C is showing the user's password is expired is because you have set ForceChangePasswordNextSignIn = true.
This needs to be set to false.
Upvotes: 1
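
An added example, not code from the question or either answer: the question's provisioning call with ForceChangePasswordNextSignIn set to false, as the answer above suggests, and a per-user random password in place of the literal shared by every account. The names B2CUserProvisioning, NewPassword and CreateLocalUserAsync are hypothetical; it assumes the same Microsoft.Graph SDK style (`.Request()`) as the question and .NET Core 3.0 or later for RandomNumberGenerator.GetInt32.

```csharp
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Graph;

public static class B2CUserProvisioning
{
    // Character classes (ambiguous look-alikes such as l/I/O/0/1 left out).
    private const string Lower = "abcdefghijkmnopqrstuvwxyz";
    private const string Upper = "ABCDEFGHJKLMNPQRSTUVWXYZ";
    private const string Digits = "23456789";
    private const string Symbols = "!@#$%^&*-_=+";

    // Hypothetical helper: a per-user password drawn from the OS CSPRNG.
    public static string NewPassword(int length = 20)
    {
        string all = Lower + Upper + Digits + Symbols;
        var chars = new char[length];
        // One character from each class, then fill from the whole alphabet.
        chars[0] = Pick(Lower); chars[1] = Pick(Upper);
        chars[2] = Pick(Digits); chars[3] = Pick(Symbols);
        for (int i = 4; i < length; i++) chars[i] = Pick(all);
        // Fisher-Yates shuffle so the guaranteed characters are not at fixed positions.
        for (int i = length - 1; i > 0; i--)
        {
            int j = RandomNumberGenerator.GetInt32(i + 1);
            (chars[i], chars[j]) = (chars[j], chars[i]);
        }
        return new string(chars);
    }

    private static char Pick(string set) => set[RandomNumberGenerator.GetInt32(set.Length)];

    // Same Graph call as in the question; the caller supplies NewPassword() as password.
    public static Task<User> CreateLocalUserAsync(GraphServiceClient graph, string tenantId,
        string firstName, string lastName, string email, string password)
    {
        var graphUser = new User
        {
            DisplayName = $"{firstName} {lastName}",
            GivenName = firstName,
            Surname = lastName,
            Identities = new[]
            {
                new ObjectIdentity { SignInType = "emailAddress", Issuer = tenantId, IssuerAssignedId = email }
            },
            // false, per the answer above, so the user flow does not report an expired password.
            PasswordProfile = new PasswordProfile { Password = password, ForceChangePasswordNextSignIn = false }
        };
        return graph.Users.Request().AddAsync(graphUser);
    }
}
```

The generated password is known only to the caller, so it has to reach the user over a separate channel or be replaced by the user through a password reset flow.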