Updating the client with suggestions from Jenny

The controller now only accepts access_as_user as the manual creation and the creation by scripts both create that scope now;

Author: jmprieur

2. Web API now calls Microsoft Graph/TodoListClient/MainWindow.xaml.cs

@@ -188,7 +188,7 @@ await _app.AcquireTokenInteractive(scopes)
             else if (proposedAction == "consent")
             {
                 if (System.Windows.MessageBox.Show("You need to consent to the Web API. If you press Ok, you'll be redirected to a browser page to consent",
-                                                   "Consent needed for the Web API", 
+                                                   "Consent needed for the Web API",
                                                    MessageBoxButton.OKCancel) == MessageBoxResult.OK)
                 {
                     Process.Start(consentUri);
@@ -265,6 +265,7 @@ private async void AddTodoItem(object sender, RoutedEventArgs e)
                 return;
             }
 
+            // Call the To Do service.
             // Once the token has been returned by MSAL, add it to the http authorization header, before making the call to access the To Do service.
             _httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
 
@@ -321,6 +322,14 @@ private async void SignIn(object sender = null, RoutedEventArgs args = null)
                 var result = await _app.AcquireTokenSilent(Scopes, accounts.FirstOrDefault())
                     .ExecuteAsync()
                     .ConfigureAwait(false);
+
+                Dispatcher.Invoke(() =>
+                {
+                    SignInButton.Content = ClearCacheString;
+                    SetUserName(result.Account);
+                    GetTodoList();
+                }
+                );
             }
             catch (MsalUiRequiredException)
             {

2. Web API now calls Microsoft Graph/TodoListService/Controllers/TodoListController.cs

@@ -36,11 +36,10 @@ public TodoListController(ITokenAcquisition tokenAcquisition)
         static readonly ConcurrentBag<TodoItem> TodoStore = new ConcurrentBag<TodoItem>();
 
         /// <summary>
-        /// The Web API will only accept tokens 1) for users, 2) having the user_impersonation scope for
-        /// this API (if you created the app using the App creation script) or 'access_as_user' if you created
-        /// it following the README.md.
+        /// /// The Web API will only accept tokens 1) for users, and
+        /// 2) having the access_as_user scope for this API
         /// </summary>
-        static string[] scopeRequiredByAPI = new string[] { "user_impersonation", "access_as_user" };
+        static readonly string[] scopeRequiredByAPI = new string[] { "access_as_user" };
 
         // GET: api/values
         [HttpGet]
@@ -71,7 +70,7 @@ public async void Post([FromBody]TodoItem todo)
             {
                 HttpContext.Response.ContentType = "text/plain";
                 HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
-                await HttpContext.Response.WriteAsync("An authentication error occurred while acquiring a token for downstream API\n" + ex.ErrorCode + "\n"+ ex.Message);
+                await HttpContext.Response.WriteAsync("An authentication error occurred while acquiring a token for downstream API\n" + ex.ErrorCode + "\n" + ex.Message);
             }
             catch (Exception ex)
             {