2
votes

I am following this example https://github.com/Azure-Samples/active-directory-dotnet-native-headless to authenticate a user against Azure AD using user credentials (uname, pwd) to acquire a bearer access token. This token will be sent in the Authorization header to the REST API. The REST API uses the token to authorize the user using ClaimsPrincipal.

Now, in my REST API, I would want to validate whether the user belongs to a particular security group or not. For that purpose I need to use the Graph API. But the problem is, every time I pass the same bearer token to the Graph API, which the REST API has received from the client, it throws an "Access Token Malformed" error.

In one of the samples (https://github.com/Azure-Samples/active-directory-dotnet-webapi-onbehalfof/blob/master/TodoListService/Controllers/TodoListController.cs) I found we need to generate a new bearer token to call the Graph API, so do I need to generate a new token to call the Graph API? Couldn't I use the same bearer token which the client has sent to my REST API to call the Graph API?

1 Answer

1
votes

Tokens are like bank checks. A check written for you can only be cashed by you. If you want to call the graph from your web API, you can use the token you received as a starting point for getting a new token specifically for the graph. See https://azure.microsoft.com/en-us/documentation/samples/active-directory-dotnet-webapi-onbehalfof/ for the pattern used in this case; you just need to substitute the custom API with the graph.
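The exchange the answer describes, as an added example that is not part of the original post or of the linked Microsoft samples: the API first confirms that the incoming token's audience is the API itself (the "check written for you"), then trades it at the Azure AD v1 token endpoint using the on-behalf-of grant for a token whose audience is the Graph, and only that second token goes in the Graph request. The tenant, client id, secret, App ID URI and the Azure AD Graph resource/endpoint are placeholders or assumptions; the sample JWT is constructed and unsigned purely to exercise the audience check offline, and the `jwt_audience` helper does no signature verification (the API's JWT bearer middleware does that on the real request).

```python
import base64
import json
import urllib.parse
import urllib.request

# Placeholder/assumed configuration (not real identifiers)
TENANT = "contoso.onmicrosoft.com"                              # assumption: tenant domain or id
API_APP_ID_URI = "https://contoso.onmicrosoft.com/TodoListService"  # assumption: this API's App ID URI
API_CLIENT_ID = "00000000-0000-0000-0000-000000000001"         # placeholder
API_CLIENT_SECRET = "<api-client-secret>"                      # placeholder
GRAPH_RESOURCE = "https://graph.windows.net"                    # assumption: Azure AD Graph resource id
TOKEN_ENDPOINT = f"https://login.microsoftonline.com/{TENANT}/oauth2/token"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def jwt_audience(token: str) -> str:
    """Read the 'aud' claim from a compact JWT. Diagnostic only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = json.loads(_b64url_decode(parts[1]))
    return payload["aud"]


def issued_to_this_api(token: str) -> bool:
    """The token the client sent is only valid for the audience it names: this API."""
    return jwt_audience(token) in (API_APP_ID_URI, API_CLIENT_ID)


def build_obo_request(incoming_token: str) -> dict:
    """Form body of the Azure AD v1 on-behalf-of grant (jwt-bearer assertion)."""
    return {
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "client_id": API_CLIENT_ID,
        "client_secret": API_CLIENT_SECRET,
        "assertion": incoming_token,          # the token this API received from the client
        "resource": GRAPH_RESOURCE,           # the audience we want the NEW token to carry
        "requested_token_use": "on_behalf_of",
        "scope": "openid",
    }


def exchange_for_graph_token(incoming_token: str) -> str:
    """Network call: trade the client's token for one whose audience is the Graph."""
    if not issued_to_this_api(incoming_token):
        raise ValueError("incoming token was not issued to this API; refusing to exchange it")
    data = urllib.parse.urlencode(build_obo_request(incoming_token)).encode()
    req = urllib.request.Request(TOKEN_ENDPOINT, data=data, method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read())["access_token"]


def graph_member_of(graph_token: str) -> list:
    """Network call: list the user's group memberships with the Graph-scoped token.
    Assumption: Azure AD Graph 'me/memberOf' with api-version 1.6."""
    url = f"{GRAPH_RESOURCE}/{TENANT}/me/memberOf?api-version=1.6"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {graph_token}"})
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read())["value"]


def make_unsigned_sample_jwt(aud: str) -> str:
    """Constructed, unsigned JWT (alg 'none') used only to exercise the audience check offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    header = {"alg": "none", "typ": "JWT"}
    payload = {"aud": aud, "iss": f"https://sts.windows.net/{TENANT}/", "upn": "alice@contoso.onmicrosoft.com"}
    return f"{enc(header)}.{enc(payload)}."


if __name__ == "__main__":
    client_token = make_unsigned_sample_jwt(API_APP_ID_URI)
    print("audience of client token:", jwt_audience(client_token))
    print("usable directly against the Graph:", jwt_audience(client_token) == GRAPH_RESOURCE)
    print("OBO request body:", build_obo_request(client_token))
```

Running the block offline shows the point of the answer: the client's token names the API as its audience, so the Graph rejects it, while the on-behalf-of body names the Graph as `resource` and carries the client's token only as the `assertion`. The two network functions are what the API would call at request time; the Graph token they obtain should be cached per user and never returned to the client.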