ADAL.js and AAD v1 works to access Azure DevOps using delegated user_impersonation scope.
I used the same AAD Application Id with delegated permissions to generate access tokens using MSAL.js. The tokens were created successfully, but the access token does not work to access Azure DevOps.
The only meaningful difference in the decoded JWT token is that the "aud" claims are different.
In ADAL/v1, the aud is the application id of Azure DevOps:
"aud": "499b84ac-1321-427f-aa17-267ca6975798"
In MSAL/v1, the aud is the unique uri for Azure DevOps:
"aud": "https://app.vssps.visualstudio.com"
Has anyone been able to use MSAL.js with user_impersonation delegated permissions to access Azure DevOps rest API? If so, are there something missing to get MSAL to work?
Is it possible that their JWT validation just doesn't yet account for the second audience value?