Azure B2C client credentials flow throws invalid_grant AADB2C90085

Question

I followed this resource: https://icareb2cdev.b2clogin.com/icareb2cdev.onmicrosoft.com/B2C_1A_DEMO_CLIENTCREDENTIALSFLOW/oauth2/v2.0/token

Azure B2C App registrations:
- Protected web api
  - Expose an api
    - App ID URI = https://{my tenant name}.onmicrosoft.com/{protected web api client id}/.default
- Daemon console app
  - API Permissions
    - API = protected web api
      - Permission = access_as_application
      - Type = Application
      - Admin consent requested = Yes

I acquire a token using the OAuth client credentials flow:

POST https://{my tenant name}.b2clogin.com/{my tenant name}.onmicrosoft.com/{a basic user flow SUSI policy}/oauth2/v2.0/token

scope=https://icareb2cdev.onmicrosoft.com/{protected web api client id}/.default&
grant_type=client_credentials&
client_id={daemon console app client id}&
client_secret={daemon console app client secret}

Error response:

{
    "error": "invalid_grant",
    "error_description": "AADB2C90085: The service has encountered an internal error. Please reauthenticate and try again.\r\nCorrelation ID: REDACTED\r\nTimestamp: REDACTED\r\n"
}

score 4 · Accepted Answer · answered Aug 22 '22 at 18:42

4

I ran into the same issue, please double check your Manifest and make sure that "signInAudience": "AzureADandPersonalMicrosoftAccount" and not your organization only. Do also ensure you followed the steps same as other answer.

answered Aug 22 '22 at 18:42

user1932923

354
3
18

this solved my issue. i first changed this value in web api manifest, it did not work. After that, i updated this value in my client app, it worked. – Manish Bansal Aug 23 '22 at 16:48

score 2 · Answer 2 · answered Mar 27 '23 at 09:31

2

For me, my secrets expired. replacing them with new ones fixed it for me.

answered Mar 27 '23 at 09:31

Tim Chermin

304
2
10

Azure B2C client credentials flow throws invalid_grant AADB2C90085

2 Answers2