I have an architecture consisting of a mobile application (Flutter), API 1 and API 2. API 2 is secured by IdentityServer4. My scenario is that the mobile application needs to authenticate the user via Azure AD. After getting the Azure AD token in the mobile application, I have no idea how to exchange it for an IdentityServer4 token, which is what currently secures my API 2. My current workaround implementation uses flutter_appauth to open the IdentityServer4 login screen, which redirects the user to the Azure AD login. Once the user logs in, IdentityServer4 returns to my mobile application an access token that can be used to access API 2. In general, my mobile application passes the token to API 1, and API 1 passes it to API 2 during the request. I just wonder whether this architecture has any issues, because recently I came across the extension grant in IdentityServer4 at http://docs.identityserver.io/en/latest/topics/extension_grants.html. Technically, with that I should get the Azure AD token via flutter_appauth and pass it to API 1, and then API 1 exchanges it with API 2 to get the access token, as shown in the extension grant documentation above. May I know whether I should change my current workaround architecture?
You should make your mobile application, APIs and web app all use IdentityServer, and then log in to Azure AD through IdentityServer.
Like this picture tries to show:
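As an added example (not part of the original answer, and not code from the IdentityServer4 project itself), this is the shape the answer's architecture takes in ASP.NET Core: one IdentityServer4 host that issues every token the mobile app and the APIs use, with Azure AD wired in only as an external login provider, and API 2 configured to accept nothing but IdentityServer-issued tokens that carry the api2 scope. The tenant ID, client IDs, secret, redirect URI and host names are placeholders I chose for illustration.

```csharp
using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

// IdentityServer host: the single token issuer for the mobile app, API 1 and API 2.
// Azure AD only authenticates the user on IdentityServer's login page; the Azure AD
// token never leaves this host and is never presented to API 1 or API 2.
public class IdentityServerStartup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddIdentityServer()
            .AddInMemoryIdentityResources(new[]
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile()
            })
            // One scope per API; API 2 later checks for "api2" explicitly.
            .AddInMemoryApiScopes(new[] { new ApiScope("api1", "API 1"), new ApiScope("api2", "API 2") })
            .AddInMemoryApiResources(new[]
            {
                new ApiResource("api1", "API 1") { Scopes = { "api1" } },
                new ApiResource("api2", "API 2") { Scopes = { "api2" } }
            })
            .AddInMemoryClients(new[]
            {
                // Public mobile client: authorization code + PKCE, no client secret.
                // This is the flow flutter_appauth drives. Redirect URI is a placeholder.
                new Client
                {
                    ClientId = "mobile-app",
                    AllowedGrantTypes = GrantTypes.Code,
                    RequirePkce = true,
                    RequireClientSecret = false,
                    RedirectUris = { "com.example.app:/oauthredirect" },
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "api1", "api2"   // both scopes, so API 1 can forward the same token to API 2
                    },
                    AllowOfflineAccess = true
                }
            })
            // Development-only signing key; use AddSigningCredential with a real key in production.
            .AddDeveloperSigningCredential();

        // Azure AD as an external identity provider behind IdentityServer's login page.
        services.AddAuthentication()
            .AddOpenIdConnect("aad", "Azure AD", options =>
            {
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                options.SignOutScheme = IdentityServerConstants.SignoutScheme;
                options.Authority = "https://login.microsoftonline.com/<tenant-id>/v2.0"; // placeholder tenant
                options.ClientId = "<aad-app-registration-client-id>";                   // placeholder
                options.ClientSecret = "<aad-client-secret>";                            // placeholder; load from configuration, not source
                options.ResponseType = "code";
                options.CallbackPath = "/signin-aad";
            });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseIdentityServer(); // also adds the authentication middleware
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
    }
}

// API 2 host: trusts IdentityServer only, and only tokens minted for the api2 audience.
public class Api2Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication("Bearer")
            .AddJwtBearer("Bearer", options =>
            {
                options.Authority = "https://idsrv.example.com"; // placeholder IdentityServer URL
                options.Audience = "api2";                       // a token issued for api1 alone is rejected here
            });

        services.AddAuthorization(options =>
            options.AddPolicy("ApiScope", policy =>
            {
                policy.RequireAuthenticatedUser();
                policy.RequireClaim("scope", "api2");
            }));
        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers().RequireAuthorization("ApiScope"));
    }
}
```

With this setup the mobile app never handles an Azure AD token at all: flutter_appauth talks only to IdentityServer, which redirects to Azure AD and, on return, issues its own access token. Because that token is requested with both the api1 and api2 scopes, API 1 can forward it unchanged to API 2, and API 2's audience and scope checks are what stop a token intended for a different API from being accepted. No extension grant is needed, since there is no foreign token to exchange.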