I am attempting to use Microsoft Graph API to manage Azure AD B2C users from an application, but I have been unable to authenticate using my client id / secret.
First, I followed the steps here to register an application: https://docs.microsoft.com/en-us/azure/active-directory-b2c/microsoft-graph-get-started?tabs=app-reg-ga
At the end of that article, I was directed here to learn how to get an access token: https://docs.microsoft.com/en-us/graph/auth-v2-service#4-get-an-access-token
They suggest using the endpoint https://login.microsoftonline.com/mytenant/oauth2/v2.0/token, but when I use my tenant in that URL, I get the error "Tenant 'mytenant' not found. This may happen if there are no active subscriptions for the tenant. Check to make sure you have the correct tenant ID. Check with your subscription administrator."
Makes sense, that's not the kind of url I've been using anyway. But what the heck endpoint should I use? So I tried a few.
There are some endpoint suggestions in my application overview, in the format of https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/policy-name/oauth2/v2.0/token But what is the policy name? There was nothing in the instructions about setting up a policy. I have some user flows that might be what they're talking about, so I tried a few, like if I use https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/b2c_1_sign_in/oauth2/v2.0/token, I get "The supplied grant_type [client_credentials] is not supported."
There are also endpoints suggested in my workflows, in the format https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1_sign_in This gives the same client_credentials error.
I also tried with a b2c_1_ropc user flow instead of b2c_1_sign_in, with similar results.
What am I doing wrong? Are the instructions incomplete? Have I not guessed the appropriate endpoint?