Client credential call failing to fetch access token for B2C Graph API user management

Pdez 21 Reputation points

I am using the following endpoint to fetch an access token to use Graph API for B2C user management:
In the body of the POST I am sending
grant_type: client_credentials
client_id: The client id of a B2C registered app. I used the API Permissions tab to grant access to various Graph API operations
client_secret: <secret>

In the response I am getting:
{ "error": "invalid_grant", "error_description": "AADB2C90085: The service has encountered an internal error. Please reauthenticate and try again.\r\nCorrelation ID: <correlationId>\r\nTimestamp: 2022-10-31 16:49:08Z\r\n" }

I found samples to authenticate for B2C Graph access, but they reference an AAD authority URL. I don't understand how an access token retrieved from an AAD tenant (e.g. ${process.env.TENANT_ID}) will help in performing operations on a B2C tenant.

When I plug the B2C tenant value into the AAD authority URL I predictably get the following error:
AADSTS900023: Specified tenant identifier '<my b2c tenant>' is neither a valid DNS name, nor a valid external domain


Accepted answer
  1. CarlZhao-MSFT 23,841 Reputation points

    Hi @Pdez

    Don't try to use user flows/custom policies to get tokens for the Graph API; user flows/custom policies can only be used to get tokens for your custom web APIs, not the Graph APIs. You should use Azure AD-specific authentication to obtain Graph API tokens for your Azure AD B2C tenant.

    POST{b2c tenant id}/oauth2/v2.0/token  
    client_id={the client ID of the B2C application}  
    &client_secret={client secret}  

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
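
The request the accepted answer describes, written out as an added example that is not part of the original thread or of Microsoft's samples. The `login.microsoftonline.com` host and the `https://graph.microsoft.com/.default` scope do not appear on this page and are assumed here from the standard Microsoft identity platform client-credentials flow; the environment variable names and the sample tenant are hypothetical.

```javascript
// Added example, not from the original thread.
// Assumed (not on the page): AAD_HOST and GRAPH_SCOPE, the standard Microsoft
// identity platform values for an app-only Microsoft Graph token.
const AAD_HOST = "https://login.microsoftonline.com";
const GRAPH_SCOPE = "https://graph.microsoft.com/.default";

// Tenant GUID or full DNS name; anything else is rejected before the request is sent.
const TENANT_RE =
  /^(?:[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}|(?:[a-z0-9-]+\.)+[a-z]{2,})$/i;

function buildGraphTokenRequest({ tenant, clientId, clientSecret }) {
  if (!TENANT_RE.test(tenant)) {
    throw new Error(`tenant must be a GUID or full domain name, got "${tenant}"`);
  }
  if (!clientId || !clientSecret) throw new Error("clientId and clientSecret are required");
  const body = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: clientId,
    client_secret: clientSecret,
    scope: GRAPH_SCOPE,
  });
  return { url: `${AAD_HOST}/${encodeURIComponent(tenant)}/oauth2/v2.0/token`, body };
}

// Map the two error families quoted in the question to their likely cause.
function diagnoseTokenError(response) {
  const m = /\b(AADB2C|AADSTS)(\d+)\b/.exec(response.error_description || "");
  if (!m) return "unknown";
  if (m[1] === "AADB2C") return "b2c-policy-endpoint"; // user flow/custom policy answered
  return m[2] === "900023" ? "invalid-tenant-identifier" : "aad-error";
}

// Send the request (Node 18+ global fetch). The secret comes from the environment
// and is never logged; only the diagnosed error class is surfaced on failure.
async function getGraphToken(env = process.env) {
  const { url, body } = buildGraphTokenRequest({
    tenant: env.B2C_TENANT_ID, // hypothetical variable names
    clientId: env.B2C_CLIENT_ID,
    clientSecret: env.B2C_CLIENT_SECRET,
  });
  const res = await fetch(url, { method: "POST", body });
  const json = await res.json();
  if (!res.ok) throw new Error(`token request failed: ${diagnoseTokenError(json)}`);
  return json.access_token;
}
```

Passing a `URLSearchParams` body makes `fetch` send `application/x-www-form-urlencoded`, which is the encoding the token endpoint expects.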

1 additional answer

  1. Bhanu Kiran 3,511 Reputation points

    Hi @Pdez ,

    Hope you are doing good.

    Please refer to this similar QnA post of your described issue:

    Hope this helps.
