Hi Bart,
It seems Azure AD has a bit different interpretation for OAuth implicit grant. The scenario you are describing (calling the Graph API and SharePoint Online) uses a mix of implicit and code grant (getting a token from an API instead of the redirect URL isn’t implicit grant IMHO).
You are right that we have to change the code Radzen generates in order to benefit from HttpInterceptors. It has to use HttpClient instead of Http. I will update this thread once this is done.