Hello,
We have an application that utilizes Exchange Webservices (EWS). For accounts on O365 we use OAuth2/ModernAuth via MSAL.
I would like to add functionality that is only available via the Graph API, for example creating an online meeting.
According to https://docs.microsoft.com/en-us/outlook/rest/compare-graph#moving-from-outlook-endpoint-to-microsoft-graph,
you cannot mix permissions for one endpoint with permissions for the other in a single request.
My default authorization is EWS.AccessAsUser.All, and for the calendar operation I need Calendars.ReadWrite.
I have tried the following scenarios:
1. Use both scopes (prior to reading the article linked above). Results in a token that can be used for Graph, but gets a 401 on EWS.
2. Acquire a token with EWS permission. Then use MSAL acquireTokenSilent with the Graph scope. Gives me the same token for both, resulting in an "Invalid Audience" error on the Graph API.
3. Use interactive authorization (MSAL acquireToken). This gives me a second token with the correct scope, but now I have to present the user with two authentication flows and would probably have to retain two separate IMultipleAccountPublicClientApplication instances (which I have not tried yet, maybe not even possible).
Any tips on how I can use both EWS and Graph API?
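
A diagnostic for the "Invalid Audience" symptom described above, added here as an example and not part of the original post: it decodes a token's `aud` and `scp` claims to show which API the token was issued for. The audience values in `AUDIENCES` and the sample tokens are assumptions constructed for illustration; the payload is decoded without signature verification, so this is for troubleshooting only.

```python
import base64
import json

# Assumed audience values (not stated in the post): resource identifiers
# that appear in the `aud` claim of tokens issued for each API.
AUDIENCES = {
    "EWS": {"https://outlook.office365.com", "https://outlook.office.com",
            "00000002-0000-0ff1-ce00-000000000000"},
    "Graph": {"https://graph.microsoft.com",
              "00000003-0000-0000-c000-000000000000"},
}


def jwt_claims(token):
    """Decode the payload of a compact JWT without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_target(token):
    """Return (api_name, scopes) for the API whose audience the token carries."""
    claims = jwt_claims(token)
    aud = str(claims.get("aud", "")).rstrip("/").lower()
    scopes = claims.get("scp", "").split()
    for api, audiences in AUDIENCES.items():
        if aud in audiences:
            return api, scopes
    return "unknown", scopes


def _constructed_token(aud, scp):
    """Build an unsigned sample token (constructed test data, not a real token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return ".".join([enc({"alg": "none"}), enc({"aud": aud, "scp": scp}), "sig"])


EWS_TOKEN = _constructed_token("https://outlook.office365.com", "EWS.AccessAsUser.All")
GRAPH_TOKEN = _constructed_token("https://graph.microsoft.com", "Calendars.ReadWrite")

if __name__ == "__main__":
    for label, tok in (("EWS request", EWS_TOKEN), ("Graph request", GRAPH_TOKEN)):
        print(label, "->", token_target(tok))
```

If the token returned for the Graph scope reports `EWS` here, the call returned the earlier EWS token rather than one issued for Graph, which matches the second scenario in the list.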