Hi,
A bit of context: I currently have a B2C tenant set up with Custom Policies where a client application lives (client1). In my main tenant (not a B2C tenant), I have an internal API (api1) that I want to expose to client1. First, I create my api1 presence via /adminconsent then added its service principal. In the client1, I added my api1 under "Expose an API" and gave it admin consent.
Either with msal.js or postman, my client1 can't generate tokens for api1's scope using refresh_token target my B2C custom policy /token. When inspecting the network request, I have something similar to
![244530-image.png][1]
![244611-image.png][2]
Or via postman
{
"error": "invalid_request",
"error_description": "AADB2C90117: The scope 'api://