Using Custom Authorization server to authenticate users in ASP.Net MVC App


I am fairly new to Okta so please bear with me. That being said, we have a requirement to include custom claims in the openId token returned when a user log-in into MVC app. I followed the documentation and created a new Custom Authorization server with some default scopes including openid, profile, email… and added a few claims, an access policy rules to allow all grant types including Auth code, Client Credentials etc.

Now when I am trying to test the token using token preview for the MVC APP I added, using the grant type, client credentials with scopes openId and profile, I am getting the error ‘Cannot request ‘openid’ scopes using client credentials.’

Why is that? Why can’t we access openId scopes using client credentials? This is how our app is going to request token from the auth endpoint. Can you please suggest what am I missing or misunderstanding here?

client credentials is user-less flow, client (application) is acting of behalf of itself, so openid scope is not applicable in this scenario