The supplied grant_type [client_credentials] is not supported

Joe S George 46 Reputation points

Hi Team,

I was using to get my token. Now I am trying to migrate it to It is giving an error

"The supplied grant_type [client_credentials] is not supported"

I am not using any custom policies. I have created an user flow for signinsignout.

This is my API:

POST https://{tenant}{tenant}{user flow name}/oauth2/v2.0/token

client_secret = xxxxxxx
client_id = xxxxxxxx
grant_type = client_credentials
scope =

Please help. Thank You.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,532 questions
0 comments No comments
{count} vote

Accepted answer
  1. soumi-MSFT 11,761 Reputation points Microsoft Employee

    @Joe S George , If your main issue is trying to get application authenticated with AAD, you certainly need to use the Client_Credential flow of OAuth 2.0.

    B2C tenant and an AAD tenant are two different tenants. It all depends on that fact that where you have registered your application.

    Suppose we have application named App1, which is registered in AAD tenant, then the app must request a token from AAD tenant to get itself authenticated. In that case your auth request should look like:

    client_id : xxx-xxx-xxx  
    client_secret: xxx-xxx-xxx  

    on the contrary, if you have registered your application in the B2C tenant, then you need to make a call to the B2C tenant to get your application authenticated using the client-credential flow. But to note here, B2C as of now doesnt support the client-credential flow of OAuth.

    Yes, we are deprecating the for only the B2C tenant as you mentioned and that is basically to draw a line of difference between the app being used for what purpose. To elaborate this, when you register an application in the B2C tenant using the App registrations blade, that app can be used to get a token both from the AAD tenant (which is the underlying the B2C tenant) as well as from the B2C tenant also. Now to remove the confusion of from where the token is being requested from, we are deprecating the use of for the apps being used to request tokens from the B2C tenants.
    Hence what we suggest is to use:

    • while requesting tokens from B2C tenants.
    • when requesting tokens from AAD tenants.

    Note: Again would like to re-iterate, B2C tenant as of now doesnt support Client_credential flow, hence if you app is designed to fetch tokens using client_credentials flow, try using and get the tokens issued from AAD rather than B2C.

    Hope this clarifies your doubts. Incase there are any more queries around this always feel free to reach out so that we can help you better and get you a better grip on the Azure Technologies.

    Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

4 additional answers

Sort by: Most helpful
  1. Jai Verma 461 Reputation points
    0 comments No comments

  2. soumi-MSFT 11,761 Reputation points Microsoft Employee

    @Joe S George , The grant_type = client_credential flow is used only when an application is trying to authenticate itself to AAD and trying to get a token from AAD for itself. When a user tries to authenticate itself and tries to get a token from AAD, you would have to use the Authorization Code Grant flow of OAuth. You can find more details about this flow and its requests here.

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

  3. AmanpreetSingh-MSFT 56,501 Reputation points

    @Joe S George , Client credentials flow with is currently not supported. If you want to use Client Credentials flow, you need to use standard Azure AD endpoint only i.e. starting with

    There is an active feedback for this feature here:, you can vote for it.


    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

    0 comments No comments

  4. Maulik Modi 36 Reputation points

    @AmanpreetSingh-MSFT or @soumi-MSFT ,

    1. Is it possible to specify scopes when creating client using client credentials flow e.g. SPA Protected Resources section
    2. Is it possible to specify scopes when creating client using Authorisation code flow SPA Protected Resources section
    0 comments No comments