The Web API contains an authorized endpoint that I want to call from the Web App.
For this I'm trying to get an access token by using the
ITokenAcquisition.GetAccessTokenForUserAsync method passing an empty string array for the scopes.
The goal is to get an access token that I can set in the
Authorization header for the HTTP request I'm sending to my Web API.
Unfortunately the attempt to get an access token always ends up in an
MsalUiRequiredException exception with reference to incremental consent docs.
What I don't really understand is how to just get an access token for "no scopes". The Web API endpoint requires no special scopes, just that the caller is an authenticated user.
Further I really don't want to bother the user with any additional consent dialogues. I only know these dialogues if some service wants access to data from foreign services like if I want access to some profile data from the user's facebook identity. But if the user just uses my web app and reads/writes data to it I really don't want to ask them if they really want to read/write data to my service as they are already using them to do this in the first place.
I can understand that I might introduce scopes in the future for non-regular user functionality like moderation/administration features but there will always be a set of functionality that should be accessible for any regular user without any additional consent. Just sign in and use them.
I really don't know if I'm missing something about B2C in general or if I'm just getting lost here after reading and trying so much stuff about it.
I hope someone can help me out on this.