This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 80%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMC%3C/text%3E%3C/svg%3E)
I have a requirement to provide an API to our consumers. The intention is to secure the API using AzureAD B2C - Client Credential Grant flow. The authentication is via Client Certificate.
I have created a custom policy on B2C tenant that provides the access token.
I have used the sample Hello World policy available here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-policies-series-hello-world
Things work fine with the clientId and secret authentication method.
I now want to secure the OAuth2 conversation further by allowing the client to use the signed client_assertion as opposed to static client secret using their protected key.
I have uploaded the public portion of the key into the relevant app registration.
When I perform the request to https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/B2C_1A_MYPOLICY/oauth2/v2.0/token
I get the following error: AADB2C99027: Policy 'B2C_1A_MYPOLICY' does not contain a AuthorizationTechnicalProfile with a corresponding ClientAssertionType.
How can I add this kind of technical profile for supporting client_assertion instead of client secret? Any help is much appreciated.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Following up to see if the below answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Following up to see if the below answer was helpful. Please remember to "Accept Answer" if answer helped you. This will help us as well as others in the community who might be researching similar questions. if you have any further query do let us know.
Thank you for posting this in Microsoft Q&A.
I understand that you want to request an access token using client_assertion instead of client_id in an Azure B2C custom policy.
Unfortunately, certificates are not supported in Azure AD B2C user flows or custom policies.
So, currently, you can't obtain an access token using client_assertion in the client credentials flow in Azure AD B2C.
For your reference: https://learn.microsoft.com/en-us/azure/active-directory-b2c/app-registrations-training-guide#application-certificates--secrets
Hope this helps. Do let us know if you any further queries.
Thanks,
Navya.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.