Step 1: Specify tenant, clientId of this app and ALL
scopes that you'll need access to and redirect user for consent
Step 2: Specify one of the scopes that you previously
specified to fetch access (JWT) token, id and refresh tokens
Step 3: Specify scope if it's different to previous
one to get access token with different audience, or the same scope to
refresh access