客户端凭据Gran类型不支持自定义B2C策略 [英] Client Credential Gran Type Not Support with a Custom B2C Policy

问题描述

我正在尝试从我们的政策中生成访问令牌，但出现此错误.

I am trying to generate an access token from our policy but I am getting this error.

AADB2C90086: The supplied grant_type [client_credentials] is not supported.

这是一个邮递员请求示例

This is a sample postman request

POST /{tenant}/oauth2/token?p=B2C_1A_SignUpOrSignInWithAAD HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache

grant_type=client_credentials&client_id={client_id}&resource=https%3A%2F%2F{app_url}&client_secret={client_secret}

但是如果我不使用我们的自定义政策，而直接转到B2C租户，它就可以正常工作

but it works fine if I don't use our custom policy and just go direct to the B2C tenant

POST /{tenant}/oauth2/token?api-version=1.0
... same as above

我们的自定义政策中缺少什么吗?

Is there something missing in our custom policy?

推荐答案

B2C不支持客户端凭据流.其他详细信息在此处.在这里 Daemons/服务器-副应用程序.

B2C does not support the Client Credential Flow. Additional details are here. And here Daemons/server-side apps.

但是如果我不使用我们的自定义政策，效果很好

but it works fine if I don't use our custom policy

那是因为您从Azure AD(而不是B2C)获得令牌.

That's because you getting a token from Azure AD, not B2C.

这篇关于客户端凭据Gran类型不支持自定义B2C策略的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！