Using an enterprise service gateway with official c# MSAL libraries


We have a very enterprise specific issue.
At the moment, when we want to acquire authentication tokens for MS Graph requests, we are using the MSAL libraries so we don't have to re-implement all the token caching/refreshing logic ourselves.
But as we are working from enclosed systems, we have to use a proxy to connect to login.microsoft.com, which has worked fine until now.

Our security doesn’t want this anymore, they want us to use our gateway.
So instead of using login.microsoft.com with a proxy server we should directly connect to gateway.enterprise.ch

Here comes my problem: the MSAL libraries are doing so much more than just login.microsoft.com/oauth/…, but also all the user realm discovery stuff.

Is it in any way possible to use the MSAL libraries and bend them to use our gateway?

How it works at the moment:
Building the MSAL client:

return o365IntegrationOptions.ProxySettings.UseProxy
    ? PublicClientApplicationBuilder
        .CreateWithApplicationOptions(pcaOptions)
        .WithHttpClientFactory(serviceProvider.GetRequiredService<IWebProxyMsalClientFactory>())
        .WithDefaultRedirectUri() // https://login.microsoftonline.com/common/oauth2/nativeclient
        .Build()
    : PublicClientApplicationBuilder
        .CreateWithApplicationOptions(pcaOptions)
        .WithDefaultRedirectUri() // https://login.microsoftonline.com/common/oauth2/nativeclient
        .Build();

….

Later we fetch the token for each Graph call (without caching, as that isn't important for the question):

// ExecuteAsync returns a Task<AuthenticationResult>, so it has to be awaited
// before AccessToken can be read.
var result = await _msalClient.AcquireTokenByUsernamePassword(_scopes, loginSMTP, password).ExecuteAsync();
return result.AccessToken;

I tried to use different methods for injecting authorities with and without a tenantId, experimental features like the OidcAuthority, directly connecting to our InstanceDiscoveryMetadataUri, but I somehow never get it to do the actual call over our gateway.
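One way to send every MSAL request (token endpoint, instance discovery and user realm lookups alike) to a single host is to give MSAL an HttpClient whose handler rewrites the request host before it goes on the wire. This is an added illustration, not code from the original post or from the MSAL project; it assumes the gateway forwards each path and query unchanged to the original Microsoft endpoint, that the client trusts the gateway's TLS certificate, and that clientId and tenantId are your own values (gateway.enterprise.ch is the host named in the post).

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Rewrites the host of outgoing requests that target Microsoft login hosts,
// leaving scheme, path and query untouched. Because MSAL keeps its normal
// authority (login.microsoftonline.com), its metadata and validation logic is
// unchanged; only the network destination moves to the gateway.
public sealed class GatewayRewriteHandler : DelegatingHandler
{
    // Hosts MSAL talks to for token, instance discovery and user realm calls.
    private static readonly HashSet<string> LoginHosts = new(StringComparer.OrdinalIgnoreCase)
    {
        "login.microsoftonline.com", "login.windows.net", "login.microsoft.com"
    };
    private readonly string _gatewayHost;

    public GatewayRewriteHandler(string gatewayHost) : base(new HttpClientHandler())
        => _gatewayHost = gatewayHost;

    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        if (request.RequestUri != null && LoginHosts.Contains(request.RequestUri.Host))
        {
            // Keep https and the full path; the gateway must proxy it onward.
            request.RequestUri = new UriBuilder(request.RequestUri) { Host = _gatewayHost }.Uri;
        }
        return base.SendAsync(request, ct);
    }
}

// MSAL asks this factory for the HttpClient it uses for all its HTTP traffic.
public sealed class GatewayMsalHttpClientFactory : IMsalHttpClientFactory
{
    private readonly HttpClient _client;
    public GatewayMsalHttpClientFactory(string gatewayHost)
        => _client = new HttpClient(new GatewayRewriteHandler(gatewayHost));
    public HttpClient GetHttpClient() => _client;
}

// Assumed usage (clientId / tenantId are placeholders for your own values):
// var pca = PublicClientApplicationBuilder
//     .Create(clientId)
//     .WithAuthority("https://login.microsoftonline.com/" + tenantId)
//     .WithHttpClientFactory(new GatewayMsalHttpClientFactory("gateway.enterprise.ch"))
//     .WithDefaultRedirectUri()
//     .Build();
```

Because only the destination changes, MSAL still validates the token response exactly as it would against login.microsoftonline.com, and any request to a host outside LoginHosts is passed through unmodified, which makes it easy to spot in the gateway logs if MSAL starts contacting an endpoint that was not anticipated.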
