microsoftgraph / microsoft-graph-toolkit

Authentication Providers and UI components for Microsoft Graph 🦒
https://docs.microsoft.com/graph/toolkit/overview

[BUG] MGT4 prepscopes and custom apps/domains causes token corruption #3133

Open nickjisc opened 4 months ago

nickjisc commented 4 months ago

Describe the bug

Using prepscopes to call graph endpoints whilst a custom app prep scope has already been obtained can result in the token for the custom app/domain becoming invalid, and it cannot be re-requested. Reverting to v3 of MGT fixes the issues.

To Reproduce

Steps to reproduce the behavior:

  1. Use a custom domain/app in a prepscope call
  2. prepscope with additional graph services
  3. An attempt to call the custom domain/app API will result in a 401 error with the token being invalid

Expected behavior

Should work as with v3 of MGT, in that a prepscope doesn't invalidate the custom domain/app API endpoint

Environment (please complete the following information):

Providers.globalProvider = new Msal2Provider({
    clientId: "xxxxxx",
    loginType: LoginType.Redirect,
    redirectUri: window.location.protocol + "//" + window.location.host,
    scopes: ["user.read", "openid", "offline_access", "api://xxxxxxx/user"],
    customHosts: ["xxxxx", "service.powerapps.com", "api.bap.microsoft.com", "api.powerbi.com"]
});
Providers.client.api('some url').middlewareOptions(prepScopes(["api://xxxxxx/user"]))

then

Providers.client.api(`organization/${tenant!.id}`).middlewareOptions(prepScopes(["Directory.AccessAsUser.All",  "https://service.powerapps.com//User"]))

and then back to the first call results in a 401 error

The same code (without the array brackets) works without issue in v3
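
A check a practitioner might run when the custom API starts returning 401: decode the bearer token captured from the failing request and compare its `aud` and `scp` claims with the scope passed to `prepScopes`. This is an added example, not code from the issue or from MGT; it assumes the access token is a JWT carrying `aud` and `scp` claims, and the function names, the `extraAudiences` parameter and the sample tokens are constructed here.

```javascript
// Added diagnostic, not MGT code. Decodes only; the signature is NOT verified,
// so use it for inspection and never for an authorization decision.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
}

// "api://xxxxxxx/user" -> resource "api://xxxxxxx", permission "user".
// Splitting on the last "/" also handles "https://service.powerapps.com//User".
function splitScope(scope) {
  const i = scope.lastIndexOf("/");
  return { resource: scope.slice(0, i), permission: scope.slice(i + 1) };
}

// Compare a token's aud/scp claims with the scope passed to prepScopes.
// extraAudiences (hypothetical parameter) lists other accepted aud values,
// e.g. the API's client ID when it issues v2 tokens.
function checkTokenForScope(token, requestedScope, extraAudiences = []) {
  const claims = decodeJwtPayload(token);
  const { resource, permission } = splitScope(requestedScope);
  const granted = (claims.scp || "").split(" ").filter(Boolean);
  const tokenAud = [].concat(claims.aud || []);
  const accepted = [resource, ...extraAudiences];
  return {
    aud: tokenAud,
    scp: granted,
    audienceMatches: tokenAud.some((a) => accepted.includes(a)),
    scopeGranted: granted.some((s) => s.toLowerCase() === permission.toLowerCase()),
  };
}

// Constructed sample tokens (unsigned, fake values) so the block runs offline.
function makeSampleToken(payload) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(payload)}.constructed`;
}
const apiToken = makeSampleToken({ aud: "api://xxxxxxx", scp: "user" });
const graphToken = makeSampleToken({ aud: "https://graph.microsoft.com", scp: "Directory.AccessAsUser.All User.Read" });

console.log(checkTokenForScope(apiToken, "api://xxxxxxx/user"));
console.log(checkTokenForScope(graphToken, "api://xxxxxxx/user"));
```

A result with `audienceMatches: false` on the request to the custom host means the call carried a token issued for a different resource than the scope requested.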

nickjisc commented 1 month ago

still broken in the latest build