Azure AD spoke throwing error "Client credential flows must have a scope value with /.default suffixed to the resource identifier". - Support and Troubleshooting

Azure AD spoke throwing error "Client credential flows must have a scope value with /.default suffixed to the resource identifier". Description Getting error "The provided value for scope openid is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI)." when trying to configure the OAuth credentials for Azure AD spoke.

Release or Environment All

Cause OAuth flow failed. Verify the configurations and try again. Error detail:invalid_scope, AADSTS1002012: The provided value for scope openid is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI).

Resolution Please change the OAuth Entity scopes (https:// .service-now.com/nav_to.do?uri=oauth_entity.do?sys_id=c7558fb9cb111200d6f21494634c9ca2%26sysparm_view=oauth_provider) to have an entry with Name 'Default' and OAuth Scope '.default' (no quotes). This seems to be what Azure AD requires when using "Client Credentials".

The Azure AD default_profile (https:// .service-now.com/nav_to.do?uri=oauth_entity_profile.do?sys_id=d8368fb9cb111200d6f21494634c9ca6%26sysparm_view=oauth_provider) needed to be mapped to have OAuth Entity scope 'Default' with scope '.default'

Additional Information Please refer: Set up Microsoft Azure AD spoke