11

I am getting an invalid_scope error in the access token request for the client credentials flow. The error log states "cannot request OpenID scopes in client credentials flow". I haven't requested the openid scope. I don't know where it came from. I need to generate an access token using the client credentials flow.

Issue / Steps to reproduce the problem

API resource definition:

    using IdentityServer4.Models;

    public static IEnumerable<ApiResource> GetApiResources()
    {
        return new List<ApiResource>
        {
            new ApiResource
            {
                Name = "WidgetApi",
                DisplayName = "Widget Management API",
                Description = "Widget Management API Resource Access",
                ApiSecrets = new List<Secret> { new Secret("scopeSecret".Sha256()) },
                Scopes = new List<Scope>
                {
                    new Scope("WidgetApi.Read"),
                    new Scope("WidgetApi.Write")
                }
            }
        };
    }

Client definition:

    // clientSecret is supplied by the caller; how it is obtained is not shown in the question.
    public static IEnumerable<Client> GetClients(string clientSecret)
    {
        return new List<Client>
        {
            new Client
            {
                ClientId = "WidgetApi Client Id",
                ClientName = "WidgetApi Client credential",
                RequireConsent = false,
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                ClientSecrets = { new Secret(clientSecret.Sha256()) },
                // scopes that client has access to
                AllowedScopes = { "WidgetApi.Read", "WidgetApi.Write" },
                AccessTokenLifetime = 3600
            }
        };
    }

Access token request body (key - value) using Postman:

    grant_type     client_credentials
    response_type  id_token
    scope          WidgetApi.Read WidgetApi.Write
    client_secret  xxxxxxxxxxxxxxxxxxxxxx
    client_id      WidgetApiClientId

Relevant parts of the log file:

    dbug: Microsoft.EntityFrameworkCore.Storage.Internal.SqlServerConnection[4]
          Closing connection to database 'IdentityServer4Db' on server 'localhost\SQLEXPRESS'.
    dbug: IdentityServer4.EntityFramework.Stores.ResourceStore[0]
          Found PssUserMgtApi.Read, PssUserMgtApi.Write API scopes in database
    fail: IdentityServer4.Validation.TokenRequestValidator[0]
          xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx cannot request OpenID scopes in client credentials flow
    fail: IdentityServer4.Validation.TokenRequestValidator[0]
          {
            "ClientId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
            "ClientName": "xxxxxxxxxxxxxxxxxxxxxxxxx",
            "GrantType": "client_credentials",
            "Scopes": "xxxxxxxxxx.Read xxxxxxxxxxxxx.Write",
            "Raw": {
              "grant_type": "client_credentials",
              "response_type": "id_token",
              "scope": "xxxxxxxxxxxx.Read xxxxxxxxxxxxx.Write",
              "client_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
              "client_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
            }
          }
    info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
          Request finished in 5292.2873ms 400 application/json
    dbug: Microsoft.AspNetCore.Server.Kestrel[9]
          Connection id "0HL51IVGKG792" completed keep alive response.
3
  • It looks like your client_id is "WidgetApi Client Id", but in the postman you have "WidgetApiClientId"... Commented Mar 29, 2018 at 11:38
  • @MiguelDomingues That should have resulted in Invalid Client error. Commented May 15, 2018 at 11:30
  • Could it be that you've registered WidgetApi.Read and WidgetApi.Write as IdentityResource instead of ApiResource? You will also still get an error asking for id_token for client_credentials flow. You should ask for "token" instead. Commented Dec 5, 2018 at 6:30

5 Answers

3

Since there is no user tagged in a client credentials flow, normally client credentials are not intended to have a scope tagged to them, and many frameworks don't support it.

https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/ says:

scope (optional) : Your service can support different scopes for the client credentials grant. In practice, not many services actually support this.


0

Check whether your client credential details are correct or not. You can also find a simple step-by-step explanation of how to configure the client credentials flow using this link.

0

Actually the question already contains the answer:

grant_type client_credentials
response_type id_token
scope WidgetApi.Read WidgetApi.Write
client_secret xxxxxxxxxxxxxxxxxxxxxx
client_id WidgetApiClientId

The request of client_credentials type should be processed at token endpoint and must not require id_token as the flow is non-interactive. The redundant parameter is breaking the flow.
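The diagnosis above, as an added example that is not from the question, this answer, or IdentityServer4's own code: a small Python pre-flight check that models the two token-endpoint checks visible on this page (an authorize-endpoint parameter such as response_type has no place in a token request, and OpenID scopes cannot be requested under client_credentials), run against the Postman body from the question and against a corrected body. The placeholder secret and the hypothetical helper names are constructed; the allowed-scope set mirrors the client definition in the question.

```python
"""Pre-flight check for a client_credentials token request.

Added example (not from the question, the answer or IdentityServer4's own
validator): a simplified model of the checks visible in the log above,
applied to the Postman body from the question. The placeholder secret and
the helper names are constructed; the scope set mirrors the client
definition in the question.
"""
from urllib.parse import urlencode

# Standard OpenID Connect identity scopes. A client_credentials grant has
# no end user, so an identity-scope request cannot be honoured in that flow.
OPENID_SCOPES = {"openid", "profile", "email", "address", "phone"}

# Parameters defined for the authorize endpoint only; they have no meaning
# in a POST to the token endpoint.
AUTHORIZE_ONLY_PARAMS = {"response_type", "redirect_uri", "state", "nonce"}


def check_client_credentials_request(form, allowed_scopes):
    """Return the problems found in a token-request form (empty list = OK).

    `form` is the decoded application/x-www-form-urlencoded body as a dict;
    `allowed_scopes` models the client's AllowedScopes configuration.
    """
    problems = []
    if form.get("grant_type") != "client_credentials":
        problems.append("grant_type must be client_credentials")
    for key in sorted(AUTHORIZE_ONLY_PARAMS.intersection(form)):
        problems.append(f"{key} belongs to the authorize endpoint; drop it from the token request")
    if not form.get("client_id") or not form.get("client_secret"):
        problems.append("client_id and client_secret are both required")
    for scope in form.get("scope", "").split():
        if scope in OPENID_SCOPES:
            problems.append(f"cannot request OpenID scope '{scope}' in client credentials flow")
        elif scope not in allowed_scopes:
            problems.append(f"scope '{scope}' is not in the client's AllowedScopes")
    return problems


def build_token_request(client_id, client_secret, scopes):
    """Build the minimal, correct form body for the client credentials grant."""
    return {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": " ".join(scopes),
    }


def encode_body(form):
    """Encode the form the way a POST to the token endpoint sends it."""
    return urlencode(form)


if __name__ == "__main__":
    allowed = {"WidgetApi.Read", "WidgetApi.Write"}
    # The body from the question, with a constructed placeholder secret.
    as_posted = {
        "grant_type": "client_credentials",
        "response_type": "id_token",
        "scope": "WidgetApi.Read WidgetApi.Write",
        "client_secret": "PLACEHOLDER_SECRET",
        "client_id": "WidgetApiClientId",
    }
    for problem in check_client_credentials_request(as_posted, allowed):
        print("problem:", problem)
    fixed = build_token_request("WidgetApiClientId", "PLACEHOLDER_SECRET", sorted(allowed))
    print("corrected body:", encode_body(fixed))
```

The model recognises an OpenID scope only by its standard name. A comment on the question points out that scopes registered as an IdentityResource rather than an ApiResource trip the same server-side check, which a name-based pre-flight like this cannot see; the server's configuration has to be inspected for that case.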


0

I get this error with IdentityServer4 2.1.3, but not with IdentityServer4 2.3.2. It seems, from the GitHub issues for the project, that it was fixed in 2.3:

https://github.com/IdentityServer/IdentityServer4/issues/2295#issuecomment-405164127


-1

If you have this problem, just remove the 'openid' scope for a given client in the database in ClientScopes.
