I’m looking to modify the default Azure B2C Custom Policy for resetting passwords, available on GitHub. Currently, when a user types in an email address, an email is sent to the email address with the code and an option to validate the code shows up. The email is being sent regardless user has an active account. I want to modify the policy, so the email is only sent when the user has an account with the provider. That’s it! The code validation window should still appear, as it does now. No visible difference from the original/default policy should give away the fact that the email has not been sent or the user hasn’t got an account. Example of B2C that sends emails no matter if user has an account or not: https://lutondropoff.apcoa.com/account/login => Click on ‘Forgot password?’ Such a solution will NOT be accepted. Expected delivery files: Complete the B2C Custom Policy XML file with the Reset Password journey.
