AzureAD - Calling Other API such as PowerBI

I have followed the example in

Call an Identity Provider API

I get a token, but its for the graph api so this means I cannot use to get a token for PowerBi

If I use a very simple ADAL login page using JavaScript then I get a token for PowerBi as I have access to the token that was used to Authenticate not the token to call the GraphAPI

Sample code, in the samples below the token is from identities[0].access_token

This works, and proves that the token is for the GraphAPI

private static void CallGrathAPI(string token)
    var client = new RestClient("");
    var request = new RestRequest(Method.GET);
    request.AddHeader("content-type", "application/json");
    request.AddHeader("authorization", $"Bearer {token}");
    var response = client.Execute(request);

This fails

var cred = new ClientCredential(clientId, secret);

var access_token_from_client_side = token;
var context = new AuthenticationContext("");

var res = context.AcquireTokenAsync("",
cred, new UserAssertion(access_token_from_client_side, "urn:ietf:params:oauth:grant-type:jwt-bearer")).ConfigureAwait(false).GetAwaiter().GetResult();

The above code should give me a token for powerbi if I start with the token generated by the initial login to AzureAD.

If I run the code above, but use a token generated from ADAL, but the Azure AD token, I can use this token to get a token for the PowerBI so it proves that the code works with the correct token.

The issue is, I cannot find a way to get the Initial token .

Example tokens

This is from identities[0].access_token

“aud”: “00000003-0000-0000-c000-000000000000”,
“iss”: “”,

This fails, does not let me generate a PowerBI token, it does let me call the GraphAPI though.

This is from ADAL, it gets stored in Session

“aud”: “d3aa0094-35ef-43cb-8174-d3c50c7b4880”,
“iss”: “”,

Notice the different AUD.

How do I get the token issued by AzureAD to allow me to get the Token for PowerBI

This is my JavaScript code that uses ADAL to get the PowerBI token

                    function (error, token) {

                        if (error || !token) {
                            // TODO: Handle error obtaining access token
                            document.getElementById('api_response').textContent =
                                'ERROR:\n\n' + error;
                        console.log('report token',token);