Implement OBO (on-behalf-of) in Android
Gligan Ignatescu Cornel (BT - Customer Domain)
Hello!
I will present my case:
1. I implemented an Android application which will authenticate an Azure AD user, using the MSAL Android library
2. I am using an Azure app registration, let's name it AZ-App-A
3. I am authenticating the user using the MSAL library using the JSON config string from the AZ-App-A
4. As a result of a successful authentication I get an accessToken for the authenticated client for the App registration AZ-App-A
5. Now I have a second App registration, let's call it AZ-App-B
The target:
- I want to use the accessToken I got at step 4 and use it in an OBO (on-behalf-of) POST to get an accessToken for the same user but for the scope of my second App registration, i.e. AZ-App-B
- I already implemented the POST method in my application using a REST API call like
The achievement:
- I am authenticating using Postman against AZ-App-A, and I use the resulting accessToken from Postman in my application in the OBO call, and I successfully get a new "accessToken" for the scope of AZ-App-B, so this scenario is fine
The problem:
- Now I am authenticating against AZ-App-A using my application and MSAL Android library and as a result of the successful authentication I got an accessToken for AZ-App-A
- But when I use the accessToken obtained by authenticating with MSAL Android library, the OBO POST API call fails with 400 Bad Request
- When I decode both access tokens on jwt.io I can see that the one I got from authenticating with the MSAL Android library is very much different from the one I got authenticating with Postman
Questions:
- Is OBO even possible from an Android app using the MSAL Android library to authenticate?
- If the answer is NO then what should I do to authenticate in an Android app to get a "good" access token which will work in OBO?
Thank you!
Best regards,
Cornel
Microsoft Security | Microsoft Entra | Microsoft Entra ID
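The token comparison described in the question can be done locally rather than by pasting live access tokens into a website. The following is an added example, not part of the original post: it decodes two JWTs without verifying them and reports which identifying claims differ. The two tokens and every claim value in them are constructed placeholders, and the helper names are hypothetical.

```python
import base64
import json

# Claims that say who a token was issued for and what it grants.
# aud: the resource the token is meant for. In the Entra OBO flow the
#      assertion's aud must be the app that is making the OBO request.
# scp: delegated scopes; ver: token format version; iss: issuing authority.
KEY_CLAIMS = ("aud", "iss", "ver", "scp", "appid", "azp")


def decode_claims(token: str) -> dict:
    """Return a JWT's payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diff_claims(token_a: str, token_b: str, claims=KEY_CLAIMS) -> dict:
    """Map each differing claim to its (token_a, token_b) values."""
    a, b = decode_claims(token_a), decode_claims(token_b)
    return {c: (a.get(c), b.get(c)) for c in claims if a.get(c) != b.get(c)}


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample(claims: dict) -> str:
    """Build an unsigned, constructed token for the demonstration."""
    return f"{_b64url({'alg': 'none', 'typ': 'JWT'})}.{_b64url(claims)}.sig"


# Constructed samples: all values are placeholders, not real tenant data.
SAMPLE_POSTMAN = make_sample({"aud": "api://placeholder-resource-1", "ver": "2.0",
                              "scp": "scope.one", "iss": "https://issuer.example/v2"})
SAMPLE_MSAL = make_sample({"aud": "api://placeholder-resource-2", "ver": "1.0",
                           "scp": "scope.two", "iss": "https://issuer.example/v2"})

if __name__ == "__main__":
    for claim, (left, right) in diff_claims(SAMPLE_POSTMAN, SAMPLE_MSAL).items():
        print(f"{claim}: Postman={left!r}  MSAL={right!r}")
```

Because nothing is verified, the output is suitable for troubleshooting only and must not be used to make an authorization decision.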