You're encountering an "Access token is empty" error when trying to add users to an Azure AD group using the Microsoft Entra ID (Azure AD) Spoke in ServiceNow, which typically points to a misconfiguration in the OAuth setup. While your client ID and secret are correctly configured, the issue likely lies in missing or incorrect scopes, or an improperly set token URL or grant type. You should verify that the OAuth profile is using the correct grant type (preferably Client Credentials), the token URL is formatted as https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token, and the scope includes https://graph.microsoft.com/.default. Additionally, in Azure, ensure that the app registration has the required API permissions like Group.ReadWrite.All and User.Read.All, granted as application permissions, not delegated, and that admin consent has been provided. If all looks correct and you're still getting an empty token, try testing the token generation manually using Postman or cURL to confirm the problem lies in the token request and not in the flow logic. Also, review the connection alias in Flow Designer and ensure it's linked to the correct OAuth profile. Often, deleting and recreating the connection alias and OAuth record can also resolve hidden issues.