且构网 - sharing the things programmers build and develop

Azure AD B2C exception when accessing user management with the ADAL library

Updated: 2023-02-16 08:42:35


Since the Microsoft Graph API doesn't have the feature to manage B2C AD users, one of the docs asked us to use ADAL, which requires creating a special application in the Azure AD B2C tenant. We created an application key to provide API access from the Xamarin.iOS app.

    using Microsoft.IdentityModel.Clients.ActiveDirectory;

    // Client-credentials (app-only) flow against the B2C tenant's Graph endpoint,
    // run from inside the Xamarin.iOS app
    AuthenticationContext authContext = new AuthenticationContext(authority);
    ClientCredential credential = new ClientCredential(clientId, GraphClientSecret);
    AuthenticationResult authResult = await authContext.AcquireTokenAsync(graphResourceUri, credential);

At the AcquireTokenAsync call we are getting an exception:

    AcquireTokenHandlerBase.cs: System.NullReferenceException: Object reference not set to an instance of an object
      at Microsoft.IdentityModel.Clients.ActiveDirectory.BrokerHelper.get_CanInvokeBroker () [0x0000c] in <786d1e888b334ad993ac80d2bc3b6e92>:0
      at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase+<RunAsync>d__55.MoveNext () [0x00389] in <97581c6894a642ef95d008cded8ad4ac>:0

If I change that call to remove the credentials, I just get a login screen.

Packages used:

The sample was taken from the docs (linked as Sample from Docs).

Any help would be greatly appreciated.

You should NOT call the Graph API using Client Credentials from a native client application (such as a Xamarin/iOS app). This is a HUGE security hole. Client applications are inherently insecure: anyone can reflect the code and grab hold of your client_id and client_secret, which they can then use to create/update/delete users in your Azure AD B2C tenant.

Your native client application should call a web API which would in turn call the Graph API. This web API (link to sample) is an API you build which has authorization logic to scope the user management operations.

Once user management in Azure AD B2C is supported via the Microsoft Graph and MSAL, you won't need this API and will be able to use delegated permissions (vs application permissions using client credentials) to have your native client application talk directly to the Microsoft Graph. In the interim, you'll have to stand up your own Web API as per the guidance above.
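The pattern the answer recommends, as an added example that is not code from the question, the answer, or Microsoft's samples: the native client keeps only its own delegated B2C access token, the web API keeps the app-only Graph credential server-side, and every Graph call is gated by per-caller authorization logic (the thing the client-credentials code in the question cannot provide). Everything here is an assumption for illustration: signature and expiry checks are taken to be done by the web framework's JWT middleware so the API receives decoded claims; the scope names, the `extension_Role` custom claim, the self-editable attribute list and the issuer/audience values are made up; Microsoft Graph is replaced by an in-memory fake that records what would have been called.

```python
from dataclasses import dataclass, field

# Assumed values for this example; a real deployment reads them from config.
EXPECTED_ISSUER = "https://contoso.b2clogin.com/tenant-guid/v2.0/"
EXPECTED_AUDIENCE = "api://user-management"


class Unauthorized(Exception):
    """The token is not one this API should accept at all."""


class Forbidden(Exception):
    """The token is valid but does not permit the requested operation."""


@dataclass
class FakeGraph:
    """Constructed stand-in for Microsoft Graph.

    The app-only credential lives here, on the server, and is never handed
    to the native client. `calls` records what a real client would send.
    """
    client_id: str
    client_secret: str
    users: dict = field(default_factory=dict)
    calls: list = field(default_factory=list)

    def _app_token(self) -> str:
        # A real implementation does a client-credentials token request here.
        self.calls.append(("token", self.client_id))
        return "app-only-access-token"

    def get_user(self, uid: str) -> dict:
        self._app_token(); self.calls.append(("GET", uid))
        return dict(self.users[uid])

    def update_user(self, uid: str, patch: dict) -> dict:
        self._app_token(); self.calls.append(("PATCH", uid))
        self.users[uid].update(patch)
        return dict(self.users[uid])

    def delete_user(self, uid: str) -> None:
        self._app_token(); self.calls.append(("DELETE", uid))
        del self.users[uid]


class UserManagementApi:
    """Authorization layer between the B2C-authenticated caller and Graph."""

    # operation -> (delegated scope required, restricted to caller's own object)
    POLICY = {
        "read": ("User.Read.Self", True),
        "update": ("User.Write.Self", True),
        "delete": ("User.Manage.All", False),
    }
    SELF_EDITABLE = {"displayName", "givenName", "surname"}  # assumed allow-list
    ADMIN_ROLE_CLAIM = "extension_Role"  # assumed B2C custom attribute

    def __init__(self, graph: FakeGraph):
        self._graph = graph

    @staticmethod
    def _check_token(claims: dict) -> dict:
        # Signature/expiry assumed verified upstream; issuer and audience must
        # still be pinned, or a token minted for some other API would pass.
        if claims.get("iss") != EXPECTED_ISSUER:
            raise Unauthorized("issuer is not our B2C tenant")
        if claims.get("aud") != EXPECTED_AUDIENCE:
            raise Unauthorized("token was not issued for this API")
        if not claims.get("oid"):
            raise Unauthorized("no object id in token")
        return claims

    def _authorize(self, claims: dict, action: str, target_uid: str) -> None:
        required_scope, self_only = self.POLICY[action]
        granted = set(claims.get("scp", "").split())  # scp is space-separated
        if required_scope not in granted:
            raise Forbidden(f"scope {required_scope} not granted")
        if self_only and claims["oid"] != target_uid:
            raise Forbidden("operation is limited to the caller's own account")
        if not self_only and claims.get(self.ADMIN_ROLE_CLAIM) != "admin":
            raise Forbidden("operation requires the admin role")

    def read_user(self, claims: dict, target_uid: str) -> dict:
        self._authorize(self._check_token(claims), "read", target_uid)
        return self._graph.get_user(target_uid)

    def update_user(self, claims: dict, target_uid: str, patch: dict) -> dict:
        self._authorize(self._check_token(claims), "update", target_uid)
        disallowed = set(patch) - self.SELF_EDITABLE
        if disallowed:  # e.g. accountEnabled must not be self-service
            raise Forbidden(f"fields not self-editable: {sorted(disallowed)}")
        return self._graph.update_user(target_uid, patch)

    def delete_user(self, claims: dict, target_uid: str) -> bool:
        self._authorize(self._check_token(claims), "delete", target_uid)
        self._graph.delete_user(target_uid)
        return True


def is_denied(call, *args) -> bool:
    """True if the API refused the call (helper for exercising the policy)."""
    try:
        call(*args)
        return False
    except (Unauthorized, Forbidden):
        return True


def build_demo():
    """Constructed sample tenant and two callers; not real identities."""
    graph = FakeGraph("b2c-app-id", "server-side-only-secret", users={
        "user-1": {"displayName": "Alice", "accountEnabled": True},
        "user-2": {"displayName": "Bob", "accountEnabled": True},
    })
    base = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE}
    alice = {**base, "oid": "user-1", "scp": "User.Read.Self User.Write.Self"}
    admin = {**base, "oid": "admin-1", "scp": "User.Manage.All",
             "extension_Role": "admin"}
    return UserManagementApi(graph), graph, alice, admin
```

The point of the split is visible in `build_demo`: the only secret in the process is inside `FakeGraph`, and a caller who extracts everything from the mobile app still cannot disable or delete another account, because the API checks `oid`, `scp`, the role claim and the attribute allow-list before it ever spends the app-only token.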