Switch to new MSAL auth_code_flow API

[rayluo]

This PR simplifies the current web app sample based on a new higher-level acquire_token_by_auth_code_flow() API, which will be available in MSAL 1.7.0 (coming soon).

On surface, this PR shrinks the 100+ lines code base by just 6 lines. The real difference is the reduction of cognitive load in the major function authorized(), while providing more functionality (the PKCE protection), AUTOMATICALLY. The table below is a comparison.

	Before this PR	After this PR
OAuth2 Concepts exposed	2 (state and code)	0
if statements	4	1 (plus one more exception handling)
exits	4 code paths	2

Other than that, the functionality of this sample remains versatile: it supports authentication, web API call, B2C authentication, B2C web API call, B2C edit profile, B2C reset password, and it will automatically pick up the PKCE feature provided by MSAL 1.7.

PR reviews are welcome, although this PR will not currently work, until MSAL 1.7 being released.

[idg-sam]

I haven't run it yet, but upon a quick review of the code it looks great. Only suggestion is to add a state arg to the build_auth_code_flow (have added the code suggestion)

👍 👍 👍

[ciarancourtney]

Hi @rayluo could you explain why this is ok to ignore, and would upgrading the ms-identity-python-samples-common repo to the new scheme help mitigate my issue Azure-Samples/ms-identity-python-samples-common#4 ?

[rayluo]

In this particular implementation, ignoring the ValueError here would let the next line run, which is to go back to the index page at a not-yet-signed-in state, rather than an error page. The current approach is our desirable user experience to handle the state mismatch.