Insufficient scope errors when accessing tenant management API

Problem Statement

We use the client credentials grant to get an access token by passing valid client_id and audience. The API is enabled for that client ID with many grants. However, the returned token has no scope. When trying to use the access token for some request that needs a specific grant, we received the below error:

Insufficient scope, expected any of: read:signing_keys


The error is due to the misconfiguration in the the client credentials exchange hook.


Remove or fix the client credential exchange hook.