Problem Statement
We use the client credentials grant to get an access token by passing valid client_id and audience. The API is enabled for that client ID with many grants. However, the returned token has no scope. When trying to use the access token for some request that needs a specific grant, we received the below error:
Insufficient scope, expected any of: read:signing_keys
Cause
The error is due to the misconfiguration in the the client credentials exchange hook.
Solution
Remove or fix the client credential exchange hook.