To send multiple scope parameters in Azure AD B2C using Client Credentials flow

Silambarasan Varadharaj 0 Reputation points
2024-07-16T07:57:12.5633333+00:00

I'm trying to get multiple scopes in the access token. I can get all the scopes (app role permissions) which I assigned to the client app by using the (/.default) scope. But I don't want all of them. I need only the scopes which are mentioned in the token request.

Ex: Client App : my_web_app, API app name: my_web_api.

I've assigned the four app roles. And given app permission to my_web_app.

If I use (/.default), I'm getting all four. I tried to give two scopes, but I'm not getting them.

Microsoft Entra ID

1 answer

  1. Navya 11,225 Reputation points Microsoft Vendor
    2024-07-17T08:58:34.7166667+00:00

    Hi @Silambarasan Varadharaj, thank you for posting this in Microsoft Q&A.

    In Client Credentials flow, you must use the special ".default" suffix for the scope. For example, if you wanted a token for an API with client ID {ClientID}, you could use "{ClientID}/.default" as the scope.

    The .default scope is a placeholder that represents the entire set of permissions that the API exposes. When the client application requests an access token, the token contains the list of scopes that are exposed by the API and that have been consented to by the app administrator.

    If you assign four app roles to an application, the application API will return all four roles, as this is the expected behavior. It is not possible to retrieve only two out of the four roles when using the client credential flow.

    For your reference: Set up OAuth 2.0 client credentials flow in Azure Active Directory B2C

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya

    If this answers your query, do click "Accept Answer" and "Yes" for "Was this answer helpful". And, if you have any further queries, do let us know.

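Since a client-credentials token carries every app role assigned to the client, the narrowing asked about in the question has to be enforced by the API, one operation at a time. The following is an added example, not code from this thread or from Microsoft: it builds the token request body with a single `/.default` scope and checks one required role per operation. The API identifier, role names, routes and sample claims are constructed, and reading permissions from a `roles` array or an `scp` string is an assumption about the token layout.

```python
from urllib.parse import urlencode

API_ID = "11111111-2222-3333-4444-555555555555"  # constructed placeholder for my_web_api

def default_scope(scope: str) -> str:
    """Accept exactly one '<resource>/.default' scope, as the flow requires."""
    parts = scope.split()
    if len(parts) != 1 or not parts[0].endswith("/.default") or parts[0] == "/.default":
        raise ValueError("client credentials needs a single '<resource>/.default' scope")
    return parts[0]

def token_request_body(client_id: str, client_secret: str, scope: str) -> str:
    """Form-encoded body for the token request; named scopes are refused up front."""
    return urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": default_scope(scope),
    })

# Hypothetical operation -> role map kept by the API (role names are constructed).
REQUIRED_ROLE = {
    ("GET", "/orders"): "Orders.Read",
    ("POST", "/orders"): "Orders.Write",
    ("GET", "/reports"): "Reports.Read",
}

def granted(claims: dict) -> set:
    """Permissions in already-validated claims. Assumption: they arrive as a
    'roles' array or a space-separated 'scp' string."""
    roles = claims.get("roles") or []
    if isinstance(roles, str):
        roles = roles.split()
    return set(roles) | set((claims.get("scp") or "").split())

def is_allowed(claims: dict, method: str, path: str) -> bool:
    """Deny by default: unknown operations and missing roles both fail."""
    needed = REQUIRED_ROLE.get((method, path))
    return needed is not None and needed in granted(claims)

# Constructed claims: the token carries all four assigned roles, as described above.
SAMPLE_CLAIMS = {"aud": API_ID,
                 "roles": ["Orders.Read", "Orders.Write", "Reports.Read", "Admin.All"]}

if __name__ == "__main__":
    print(token_request_body("my_web_app-client-id", "<secret>", f"{API_ID}/.default"))
    print(is_allowed(SAMPLE_CLAIMS, "GET", "/orders"))
    print(is_allowed(SAMPLE_CLAIMS, "DELETE", "/orders"))
```

`is_allowed` expects claims from a token whose signature, issuer and audience the API has already validated; it does not perform that validation itself.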
