Could not create application in new Azure B2C tenant programmatically using token generated from app/user credentials on subscription directory?

Dharmendra Patidar 20 Reputation points
2024-04-10T14:55:32.78+00:00

I have created a new Azure B2C tenant directory programmatically using the MS API.

Now I want to register an app on the newly created Azure B2C tenant without switching into it manually.

To generate the token, I have created a multi-tenant app and a global admin user on the subscription directory (MS Entra ID). An auth token is received using the client_credentials grant type for the new Azure B2C tenant, but I could not create an application in the new Azure B2C tenant using the token.

Token API:

[User's image]

Is it possible to create an app on an Azure B2C tenant using an authentication token generated through an app/user on the subscription Entra ID tenant?

Any help would be appreciated.

API error response:

{
    "error": {
        "code": "Authorization_IdentityNotFound",
        "message": "The identity of the calling application could not be established.",
        "innerError": {
            "date": "2024-04-10T14:54:05",
            "request-id": "7d3d5b49-f865-415e-b95d-802506335add",
            "client-request-id": "7d3d5b49-f865-415e-b95d-802506335add"
        }
    }
}
Azure App Configuration

1 answer

  1. Ryan Hill 25,981 Reputation points Microsoft Employee
    2024-04-26T19:02:28.7833333+00:00

    Apologies for the delayed response @Dharmendra Patidar.

    The error message "Authorization_IdentityNotFound" indicates that the identity of the calling application could not be established. This error message usually occurs when the token used to authenticate the application is not valid or does not have the necessary permissions to perform the operation.

    I suggest inspecting the token generated using the client_credential flow for the necessary permissions to create the application in the tenant in the app registration blade. I'm not well versed on B2C, but I think it would be similar to Tutorial - Register a web application in Azure Active Directory B2C - Azure AD B2C | Microsoft Learn.

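One way to carry out the token inspection suggested in the answer above, as an added example that is not part of the original thread: it decodes the claims of a client_credentials access token and checks the audience, the issuing tenant (`tid`) and the application roles. The tenant IDs, the sample token and the choice of `Application.ReadWrite.All` as the required Microsoft Graph role are assumptions made for illustration.

```python
import base64
import json

# Audience values Microsoft Graph tokens carry (URI form or the Graph app ID).
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}


def decode_claims(token: str) -> dict:
    """Return the JWT payload. The signature is NOT verified: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(token: str, target_tenant_id: str,
                required_role: str = "Application.ReadWrite.All") -> list:
    """List the reasons this token may be rejected for the target tenant."""
    claims = decode_claims(token)
    findings = []
    if str(claims.get("aud", "")).rstrip("/") not in GRAPH_AUDIENCES:
        findings.append(f"aud is {claims.get('aud')!r}, not Microsoft Graph")
    if str(claims.get("tid", "")).lower() != target_tenant_id.lower():
        findings.append(f"tid is {claims.get('tid')!r}, not the target tenant")
    if required_role not in claims.get("roles", []):
        findings.append(f"roles claim lacks {required_role}")
    return findings


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed tenant IDs (placeholders, not values from the thread).
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
B2C_TENANT = "22222222-2222-2222-2222-222222222222"

if __name__ == "__main__":
    sample = make_sample_token({"aud": "https://graph.microsoft.com",
                                "tid": HOME_TENANT})
    for finding in check_token(sample, B2C_TENANT):
        print("FINDING:", finding)
```

An empty list means the three claims line up with the target tenant; it does not prove the token is valid, since the signature and expiry are not checked here.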