Using the client credentials flow inside of Azure AD B2C

ClientCredentials-API.xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                      xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="tenant.onmicrosoft.com" PolicyId="B2C_1A_ClientCred_API" PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_ClientCred_API" DeploymentMode="Development" UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">

	<BasePolicy>
		<TenantId>tenant.onmicrosoft.com</TenantId>
		<PolicyId>B2C_1A_TRUSTFRAMEWORKEXTENSIONSMFA</PolicyId>
	</BasePolicy>

	<BuildingBlocks>
		<ClaimsSchema>
			<ClaimType Id="access_token">
				<DisplayName>access_token</DisplayName>
				<DataType>string</DataType>
			</ClaimType>
		</ClaimsSchema>
	</BuildingBlocks>

	<ClaimsProviders>
    
		<ClaimsProvider>
			<DisplayName>Client credentials</DisplayName>
			<TechnicalProfiles>
				<TechnicalProfile Id="REST-ClientCred">
					<DisplayName>OTP API</DisplayName>
					<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
					<Metadata>
						<Item Key="ServiceUrl">https://tenant.b2clogin.com/tenant.onmicrosoft.com/B2C_1A_ClientCred/oauth2/v2.0/token?grant_type=client_credentials&amp;scope=https://tenant.onmicrosoft.com/api/.default&amp;client_id=8d2...869&amp;client_secret=Wqq...crk
						</Item>
						<Item Key="SendClaimsIn">Body</Item>
						<Item Key="AuthenticationType">None</Item>
						<Item Key="AllowInsecureAuthInProduction">true</Item>
						<Item Key="DefaultUserMessageIfRequestFailed">Cannot process your request right now, please try again later.</Item>
					</Metadata>					
					<OutputClaims>
						<OutputClaim ClaimTypeReferenceId="access_token"/>
					</OutputClaims>
					<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/>
				</TechnicalProfile>

				<TechnicalProfile Id="REST-CallAPI">
					<DisplayName>Call API with bearer token</DisplayName>
					<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
					<Metadata>
						<Item Key="ServiceUrl">https://....proxy.beeceptor.com/...cred</Item>
						<Item Key="SendClaimsIn">Body</Item>
						<Item Key="AuthenticationType">Bearer</Item>
						<Item Key="UseClaimAsBearerToken">access_token</Item>
						<Item Key="AllowInsecureAuthInProduction">true</Item>
					</Metadata>
					<InputClaims>
						<InputClaim ClaimTypeReferenceId="access_token"/>
					</InputClaims>
				</TechnicalProfile>
        
			</TechnicalProfiles>
		</ClaimsProvider>
	</ClaimsProviders>

	<UserJourneys>
		<UserJourney Id="ClientCredentials-REST-API">
			<OrchestrationSteps>
        
				<OrchestrationStep Order="1" Type="ClaimsExchange">
					<ClaimsExchanges>
						<ClaimsExchange Id="ClientCred" TechnicalProfileReferenceId="REST-ClientCred"/>
					</ClaimsExchanges>
				</OrchestrationStep>

				<OrchestrationStep Order="2" Type="ClaimsExchange">
					<ClaimsExchanges>
						<ClaimsExchange Id="CallAPI" TechnicalProfileReferenceId="REST-CallAPI"/>
					</ClaimsExchanges>
				</OrchestrationStep>
        
				<OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer"/>
			</OrchestrationSteps>
		</UserJourney>
	</UserJourneys>

	<RelyingParty>
		<DefaultUserJourney ReferenceId="ClientCredentials-REST-API"/>

		<UserJourneyBehaviors>
			<JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="410...5d0" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0"/>
		</UserJourneyBehaviors>

		<TechnicalProfile Id="PolicyProfile">
			<DisplayName>PolicyProfile</DisplayName>
			<Protocol Name="OpenIdConnect"/>
			<OutputClaims>
				<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" AlwaysUseDefaultValue="true" DefaultValue="123456"/>
				<OutputClaim ClaimTypeReferenceId="access_token" DefaultValue="No Value"/>
			</OutputClaims>
			<SubjectNamingInfo ClaimType="sub"/>
		</TechnicalProfile>
	</RelyingParty>
</TrustFrameworkPolicy>

ClientCredentials.xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                      xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="tenant.onmicrosoft.com" PolicyId="B2C_1A_ClientCred" PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_ClientCred">

	<BasePolicy>
		<TenantId>tenant.onmicrosoft.com</TenantId>
		<PolicyId>B2C_1A_TRUSTFRAMEWORKEXTENSIONSMFA</PolicyId>
	</BasePolicy>
	
	<!-- Derived from https://github.com/azure-ad-b2c/samples/tree/master/policies/client_credentials_flow -->

	<BuildingBlocks>
		<ClaimsSchema>
			<ClaimType Id="access_token">
				<DisplayName>access_token</DisplayName>
				<DataType>string</DataType>
			</ClaimType>
		</ClaimsSchema>
	</BuildingBlocks>

	<ClaimsProviders>
		<ClaimsProvider>
			<DisplayName>Token Issuer</DisplayName>
			<TechnicalProfiles>
				<TechnicalProfile Id="JwtIssuer">
					<Metadata>
						<Item Key="ClientCredentialsUserJourneyId">ClientCredentialsJourney</Item>
					</Metadata>
				</TechnicalProfile>
			</TechnicalProfiles>
		</ClaimsProvider>

		<ClaimsProvider>
			<DisplayName>Client credential technical profiles</DisplayName>
			<TechnicalProfiles>
				<TechnicalProfile Id="ClientCredentials_Setup">
					<DisplayName>Trustframework Policy Client Credentials Setup Technical Profile</DisplayName>
					<Protocol Name="None"/>
					<OutputClaims>
						<OutputClaim ClaimTypeReferenceId="access_token" DefaultValue="OAuth 2.0 Client Credentials" AlwaysUseDefaultValue="true"/>
					</OutputClaims>
				</TechnicalProfile>
			</TechnicalProfiles>
		</ClaimsProvider>
	</ClaimsProviders>

	<UserJourneys>
		<UserJourney Id="ClientCredentialsJourney">
			<OrchestrationSteps>
				<!-- [Required] Do the client credentials -->
				<OrchestrationStep Order="1" Type="ClaimsExchange">
					<ClaimsExchanges>
						<ClaimsExchange Id="ClientCredSetupExchange" TechnicalProfileReferenceId="ClientCredentials_Setup"/>
					</ClaimsExchanges>
				</OrchestrationStep>
				<!-- [Required] Issue the access token -->
				<OrchestrationStep Order="2" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer"/>
			</OrchestrationSteps>
		</UserJourney>
	</UserJourneys>
   
	<RelyingParty>
		<DefaultUserJourney ReferenceId="SignUpOrSignIn"/>
		
		<TechnicalProfile Id="PolicyProfile">
			<DisplayName>PolicyProfile</DisplayName>
			<Protocol Name="OpenIdConnect"/>
			<OutputClaims>
				<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
				<OutputClaim ClaimTypeReferenceId="access_token" DefaultValue="No Value"/>
			</OutputClaims>
			<SubjectNamingInfo ClaimType="sub"/>
		</TechnicalProfile>
	</RelyingParty>
</TrustFrameworkPolicy>

https://medium.com/the-new-control-plane/using-the-client-credentials-flow-inside-of-azure-ad-b2c-12952e95d8cb