Azure AD B2C with custom policies: Unable to authenticate user with temporary password

The most common reason for this is that Grant Permissions has not been executed.

On the "ProxyIdentityExperienceFramework application" -> after selecting the checkbox for Access IdentityExperienceFramework -> clicking on Select and hitting Done, you must also complete the next step:

Select Grant Permissions, and then confirm by selecting Yes.

Edit:

Sorry, after reading your situation carefully, both a "sign-up or sign-in policy" and a "custom policy" do not support the Azure Active Directory forceChangePasswordNextLogin flag. (forceChangePasswordNextLogin will only work with a "sign-up policy".) There is a feature request tracking this here.
