3

I am trying to generate an access token from our policy but I am getting this error.

AADB2C90086: The supplied grant_type [client_credentials] is not supported.

This is a sample postman request

POST /{tenant}/oauth2/token?p=B2C_1A_SignUpOrSignInWithAAD HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache

grant_type=client_credentials&client_id={client_id}&resource=https%3A%2F%2F{app_url}&client_secret={client_secret}

but it works fine if I don't use our custom policy and just go direct to the B2C tenant

POST /{tenant}/oauth2/token?api-version=1.0
... same as above

Is there something missing in our custom policy?

spottedmahn
  • 14,823
  • 13
  • 108
  • 178
chookie
  • 441
  • 6
  • 12

1 Answers1

5

B2C does not support the Client Credential Flow. Additional details are here. And here Daemons/server-side apps.

but it works fine if I don't use our custom policy

That's because you getting a token from Azure AD, not B2C.

spottedmahn
  • 14,823
  • 13
  • 108
  • 178
  • Thanks for the reply. So your saying that even though I am requesting the token from the B2 tenant (no custom policy) the token is actually created by the AD? When I use the b2c tenant with custom policy it only hits the B2C and hence fails? – chookie Apr 11 '18 at 14:06
  • That's correct. @chookie. Use a tool like https://jwt.ms to view the token. The issuer for Azure AD is https://sts.windows.net/[guid]. The issuer for B2C is https://login.microsoftonline.com/[guid]/v2.0 – spottedmahn Apr 12 '18 at 18:04