I am familiarizing myself with react-aad-msal library. I'm trying to use it for authentication and securing our APIs in Azure. I have a SPA, a "gateway" api, and three specific apis. The plan is to use implicit flow between the SPA and the gateway API. Between the gateway and the specific APIs, I plan to use client credentials flow. With the code below, I successfully obtain an id token and what is labeled as an access token. I use jwt-decode to decode the both tokens and they are the same. Is this the expected behavior of this provider? Or is there a config I can set to actually return an actual access token that I can pass along to the gateway API for validation?
ReactDOM.render(
<AzureAD provider={authProvider} forceLogin={true}>
<App />
</AzureAD>,
document.getElementById('root')
);
