Issue with Password Reset Redirect Loop in MSAL Browser for B2C Users

[pecoram]

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.13.0

Wrapper Library

Not Applicable

Wrapper Library Version

2.0.0

Public or Confidential Client?

Public

Description

Hello,

I have a problem with my application using the MSAL Browser library. The issue is that when a B2C user changes their password and then returns to the login page, they are redirected back to the reset password page instead of the login page.

Unfortunately, I do not have the possibility to modify the login page because it is developed by a third party.
How can I resolve this issue? Is there a way to reset the user's "reset password" state before calling loginRedirect again?

Error Message

No response

MSAL Logs

No response

Network Trace (Preferrably Fiddler)

• Sent
• Pending

MSAL Configuration

auth: {
        clientId: 'xxx',
        authority: 'https://xxx.b2clogin.com/xxx.onmicrosoft.com/B2C_1A_EVENTS_SIGNIN_V2',
        knownAuthorities: ['xxx.b2clogin.com'],
        redirectUri: '/mypage.html',
      },
      cache: {
        cacheLocation: 'localStorage',
        storeAuthStateInCookie: false,
      },

Relevant Code Snippets

msalInstance.loginRedirect(loginRequest);

Reproduction Steps

The steps to reproduce the issue are:

1. Call loginRedirect
2. Land on the login page
3. Click on reset password
4. Get redirected to the reset password page
5. Reset the password
6. Get logged in
7. Get redirected to the redirect URI page
8. Call loginRedirect again for various reasons
9. Land on the reset password page instead of the login page

Expected Behavior

Land on the reset password page instead of the login page.

Identity Provider

Azure B2C Basic Policy

Browsers Affected (Select all that apply)

WebView in an Android/IOS app

Regression

No response

Source

External (Customer)

[pecoram]

up