The crux of all the below is this: how do I validate an Azure AD access_token from the Django/DRF API sent to it from the ReactJS FE?
access_token
