Hi @Balakrishna Sudabathula · Thank you for reaching out.
When you acquire a token under user context, permissions are included in the Scope (SCP) claim and AppRoles are added as Roles claim within the Access Token. However, when the token is requested under application context via Client Credentials flow, permissions are added as Roles claim and not as Scope claim.
This behavior is as per design and you can't get scope claim in Application's access token. To resolve the 401 error, you need to update your application's code to do the authorization based on Roles claim instead of Scope claim or configure it to look for both claims and perform authorization based on whichever claim is present in the Access token.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.