Graph API and B2C

Abhay Chandramouli 1,056 Reputation points
2022-11-11T07:45:56.93+00:00

Hi,
I used the custom policy to log a user in and get the access token. This is Azure AD B2C.
Now I am trying to use the token to change the password via Postman: https://graph.microsoft.com/v1.0/me/changePassword

But I am getting the following error:

{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "Access token validation failure. Invalid audience.",
    "innerError": {
      "date": "2022-11-11T07:32:57",
      "request-id": "f28a8603-8780-4da7-85ac-91e8a78ae5f7",
      "client-request-id": "f28a8603-8780-4da7-85ac-91e8a78ae5f7"
    }
  }
}

Can someone help?


Accepted answer
  1. CarlZhao-MSFT 46,366 Reputation points
    2022-11-11T08:09:19.137+00:00

    Hi @Abhay Chandramouli

    Don't try to use user flows/custom policies to get tokens for the Graph API; user flows/custom policies can only be used to get tokens for your custom web APIs, not the Graph APIs. You should use an Azure AD-specific authentication flow (auth code flow or ROPC flow) to obtain Graph API tokens for your Azure AD B2C tenant.

    POST https://login.microsoftonline.com/{b2c tenant id}/oauth2/v2.0/token  
    Content-Type: application/x-www-form-urlencoded  
      
    client_id={the client ID of the B2C application}  
    &client_secret={client secret}  
    &scope=Directory.AccessAsUser.All  
    &username={b2c user name}  
    &password={user password}  
    &grant_type=password  
    

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
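To see why Graph answers "Invalid audience" for a token from a custom policy, decode the token and look at its `aud` and `iss` claims. The following is an added example, not part of the original answer: it inspects claims without verifying the signature, its B2C detection is a heuristic, and the tenant name, GUIDs and policy name in the sample claims are constructed placeholders.

```python
import base64
import json

# Audience values that identify Microsoft Graph: its resource URI and its app ID.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000046"}

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (the signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose_audience(token: str) -> str:
    """Report whether the token's audience is Microsoft Graph."""
    claims = jwt_claims(token)
    aud = claims.get("aud")
    auds = set(aud) if isinstance(aud, list) else {aud}
    if auds & GRAPH_AUDIENCES:
        return "ok: audience is Microsoft Graph"
    # Heuristic: B2C policy tokens come from a b2clogin.com issuer and usually
    # carry a 'tfp' claim naming the user flow / custom policy.
    if ".b2clogin.com/" in str(claims.get("iss", "")) or "tfp" in claims:
        return f"invalid audience: B2C policy token for {aud!r}, not Graph"
    return f"invalid audience: token is for {aud!r}, not Graph"

def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed input, not a real token)."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

# Constructed sample claims: every identifier below is a placeholder.
B2C_POLICY_CLAIMS = {
    "iss": "https://contoso.b2clogin.com/11111111-1111-1111-1111-111111111111/v2.0/",
    "aud": "22222222-2222-2222-2222-222222222222",  # client ID of the B2C app
    "tfp": "B2C_1A_signup_signin",
}
GRAPH_CLAIMS = {
    "iss": "https://sts.windows.net/11111111-1111-1111-1111-111111111111/",
    "aud": "https://graph.microsoft.com",
}

if __name__ == "__main__":
    for sample in (B2C_POLICY_CLAIMS, GRAPH_CLAIMS):
        print(diagnose_audience(constructed_token(sample)))
```

Use this only to diagnose tokens you obtained yourself; an API must still validate signature, issuer and expiry before trusting any claim.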

