Error while trying to use Azure APIM Credential Manager in a policy

Vikhyath Shetty 45 Reputation points
2024-08-27T11:12:44.2366667+00:00

I am planning to use Azure API Management’s “Credentials Manager” in my policies so that validating a request and generating a bearer token to be sent in each request to the backend will be the responsibility of Azure APIM instead of the backend APIs.

To this end, I have already registered the API in Azure Entra ID and am able to generate a bearer token using the client credentials flow. I am also able to test the endpoint through APIM using Postman.

The token is generated and added in the header before invoking the APIM endpoint. All this works fine so far.

Since I want to simplify this process with an out-of-the-box solution provided by APIM and use its “Credential Manager” feature, I have configured the credential manager by providing the required details (client id, secret, tenant id, resource url) for the selected Identity Provider “Azure Active Directory v1” and grant type “Client Credentials”. The credential manager is able to establish a connection without any error.

Now, as I want to use it in my API policy to generate a token, I have used the policy “get-authorization-context”. However, when I test the API, I get an error "Object reference not set to an instance of an object."

Here’s my test API policy:

    <inbound>
        <base />
        <get-authorization-context provider-id="aad-provider" authorization-id="aad-connection" identity-type="jwt" context-variable-name="auth-context" />
        <set-header name="Authorization" exists-action="override">
            <value>@("Bearer " + ((Authorization)context.Variables.GetValueOrDefault("auth-context"))?.AccessToken)</value>
        </set-header>
    </inbound>

Is this the correct way of using the credential manager? I am not sure about the “identity-type” field: is it jwt or managed?

Any help is greatly appreciated.

Azure API Management
Azure App Service
Microsoft Entra ID
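For comparison with the policy in the question, here is an added example (not part of the original post and not Microsoft's own sample) of the same inbound section using `identity-type="managed"`. In the `get-authorization-context` policy, `managed` means the APIM instance's own managed identity reads the connection, while `jwt` additionally requires an `identity` attribute carrying a Microsoft Entra token. Assumptions: the provider and connection names are the ones from the question, the connection's access policy already grants the APIM managed identity, and the 502 response is an illustrative choice for failing closed rather than forwarding an empty `Bearer ` header.

```xml
<policies>
    <inbound>
        <base />
        <!-- managed: APIM's managed identity fetches the token from the connection.
             ignore-error="true" leaves the variable null on failure so the policy
             can decide how to fail, instead of the default error response. -->
        <get-authorization-context
            provider-id="aad-provider"
            authorization-id="aad-connection"
            context-variable-name="auth-context"
            identity-type="managed"
            ignore-error="true" />
        <choose>
            <!-- Fail closed: never call the backend without a usable token. -->
            <when condition="@(((Authorization)context.Variables.GetValueOrDefault("auth-context"))?.AccessToken == null)">
                <return-response>
                    <set-status code="502" reason="Bad Gateway" />
                    <set-body>Backend credential unavailable</set-body>
                </return-response>
            </when>
        </choose>
        <!-- override replaces any Authorization header supplied by the caller. -->
        <set-header name="Authorization" exists-action="override">
            <value>@("Bearer " + ((Authorization)context.Variables.GetValueOrDefault("auth-context")).AccessToken)</value>
        </set-header>
    </inbound>
    <backend><base /></backend>
    <outbound><base /></outbound>
    <on-error><base /></on-error>
</policies>
```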