I solved the issue by using https://login.microsoftonline.com/consumers authorization endpoint instead of https://login.microsoftonline.com/common This way I got the XboxLive.signin scope without adding it in advance to App Registration in Azure Portal.
E.g. with MSAL JavaScript:
const msalConfig = {
auth: {
clientId: ...,
authority: 'https://login.microsoftonline.com/consumers',
},
...
};