If you use Client Credential flow to obtain an access token, you must create an application and grant application permissions to the application (this is because Client Credential flow has no user interaction).
Before that, you need to understand the difference between delegated permissions and application permissions:
Application permissions allow an application in Azure Active Directory to act as it's own entity, rather than on behalf of a specific user.
Delegated permissions allow an application in Azure Active Directory to perform actions on behalf of a particular user.
Then you need to define the application permissions by editing the list of api applications.here is an example.
Refer to this document and use Client Credential flow to get access tokenhere:
1.First you need to get the administrator's consent:
GET https://login.microsoftonline.com/{tenant}/adminconsent?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&state=12345
&redirect_uri=http://localhost/myapp/permissions
2.Then you can get the access token by sharing the secret:
POST /{tenant}/oauth2/v2.0/token HTTP/1.1 //Line breaks for clarity
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
&client_secret=qWgdYAmab0YSkuL1qKv5bPX
&grant_type=client_credentials
Parse the token and you will see your custom roles:
Okay, now you can use the token to access your resources.
