Tags: azure-active-directory, microsoft-graph-api, identity, azure-mobile-services

Azure AD Scopes with different audiences


I've adapted the Azure Mobile Apps example (https://github.com/Azure/azure-mobile-apps) and got it to work with the DataSyncClient (for offline sync). However, I would like to reuse the token I get during authentication via the IdentityClient to call the Microsoft Graph API. This is failing, and I guess it is due to the scopes I use.

Unlike in the sample's documentation, I needed to use the real TenantID instead of "common", which is, I guess, because of the setup of my company's tenant. Secondly, probably related to the above, I had to set up my scope for the "access_as_user" permission as "api://<client_id>/access_as_user". Now I would need the additional scope "User.Read", but if I request them both together (to be able to reuse the received token), I get an "Invalid audience" error when using the token for the Graph API call.

Any idea? BR, Daniel


Solution

  • You need to get 2 access tokens. One access token only works for one API. Typically you can get the second token without a second login prompt (e.g. with refresh token, MSAL handles this for you).
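The two-token flow described in the answer, as an added MSAL.NET example that is not code from the question, the answer or the Azure Mobile Apps sample. It assumes a public client app, placeholder `<client_id>`/`<tenant_id>` values and an `http://localhost` redirect URI; the scopes are the ones from the question.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// One access token per API: each scope set below resolves to a different audience
// (aud claim), so they are requested separately and never mixed in one call.
public static class TokenBroker
{
    private const string ClientId = "<client_id>";   // placeholder
    private const string TenantId = "<tenant_id>";   // placeholder, not "common" (see question)

    public static readonly string[] BackendScopes = { $"api://{ClientId}/access_as_user" };
    public static readonly string[] GraphScopes   = { "User.Read" };

    private static readonly IPublicClientApplication Pca =
        PublicClientApplicationBuilder.Create(ClientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .WithRedirectUri("http://localhost")   // assumption for this example
            .Build();

    // Try the cache / refresh token first; only fall back to an interactive prompt
    // when MSAL reports that user interaction is required.
    public static async Task<AuthenticationResult> AcquireAsync(string[] scopes)
    {
        var account = (await Pca.GetAccountsAsync()).FirstOrDefault();
        try
        {
            return await Pca.AcquireTokenSilent(scopes, account).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            return await Pca.AcquireTokenInteractive(scopes).ExecuteAsync();
        }
    }

    public static async Task Main()
    {
        // First token: audience is the mobile-apps backend (api://<client_id>).
        var backend = await AcquireAsync(BackendScopes);

        // Second token: audience is Microsoft Graph. It is normally issued silently
        // from the same signed-in session, so the user sees no second prompt.
        var graph = await AcquireAsync(GraphScopes);

        Console.WriteLine("Backend token scopes: " + string.Join(", ", backend.Scopes));
        Console.WriteLine("Graph token scopes:   " + string.Join(", ", graph.Scopes));
        // Use backend.AccessToken only against the datasync server and
        // graph.AccessToken only against https://graph.microsoft.com.
    }
}
```

Sending a token to an API other than the one named by its audience is rejected by that API, which is the "Invalid audience" error seen in the question.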