Hi @Silambarasan Varadharaj

Thank you for posting this in Microsoft Q&A.
In Client Credentials flow, you must use the special ".default" suffix for the scope. For example, if you wanted a token for an API with client ID {ClientID}, you could use "{ClientID}/.default" as the scope.
The .default scope is a placeholder that represents the entire set of permissions that the API exposes. When the client application requests an access token, the token contains the list of scopes that are exposed by the API and that have been consented to by the app administrator.
If you assign four app roles to an application, the application API will return all four roles, as this is the expected behavior. It is not possible to retrieve only two out of the four roles when using the client credential flow.
For your reference: Set up OAuth 2.0 client credentials flow in Azure Active Directory B2C
Hope this helps. Do let us know if you have any further queries.
Thanks,
Navya
If this answers your query, do click "Accept Answer" and "Yes" for "Was this answer helpful". And, if you have any further query, do let us know.
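
The following is an added example, not part of the original answer and not Microsoft's code. It builds a client credentials token request with the `{ClientID}/.default` scope and shows that, because the token carries every assigned role, any narrowing has to happen as a per-operation check in the API. The claim names `roles` and `scp`, the role names, and the placeholder IDs are assumptions, and the sample token is constructed and unsigned.

```python
import base64
import json
from urllib.parse import urlencode


def build_token_request(api_client_id, client_id, client_secret):
    """Form body for a client credentials request; scope is always <API>/.default."""
    return urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": f"{api_client_id}/.default",
    })


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def granted_permissions(access_token):
    """Permissions carried in the token payload.

    Inspection only: a real API validates signature, issuer, audience
    and expiry before trusting any claim.
    """
    claims = json.loads(_b64url_decode(access_token.split(".")[1]))
    roles = claims.get("roles", [])        # assumed claim: list of app roles
    scp = claims.get("scp", "").split()    # assumed claim: space-separated string
    return set(roles) | set(scp)


def is_allowed(access_token, required_permission):
    """Per-operation check: the token cannot be narrowed, so the API narrows."""
    return required_permission in granted_permissions(access_token)


def make_sample_token(claims):
    """Constructed, unsigned token used only to exercise the functions above."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


# Constructed sample: four app roles assigned, all four appear in the token.
SAMPLE_ROLES = ["app.read", "app.write", "app.delete", "app.audit"]
SAMPLE_TOKEN = make_sample_token({"aud": "API-CLIENT-ID-PLACEHOLDER", "roles": SAMPLE_ROLES})

if __name__ == "__main__":
    print(build_token_request("API-CLIENT-ID-PLACEHOLDER", "CLIENT-ID-PLACEHOLDER", "SECRET-PLACEHOLDER"))
    print(sorted(granted_permissions(SAMPLE_TOKEN)))
    print(is_allowed(SAMPLE_TOKEN, "app.write"), is_allowed(SAMPLE_TOKEN, "app.admin"))
```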