How do I set up Blazor Server with EnableTokenAcquisitionToCallDownstreamApi so I can pass the token with impersonation to the Azure Devops API?

[Eddie-Hartman]

I feel like I'm simply overcomplicating something and would like some guidance. I have a working Blazor server application with authentication requiring the user to be signed into my organization's Active Directory. What I would now like to do is get a token for the logged in user and make calls to the Azure Devops api on their behalf from my razor pages.

What I was hoping would happen is that I would add a DownstreamApi service that would take care of maintaining a token for me, which I would then use for Bearer auth for AzureDevops. The problem I'm currently running into is that I can't get a token. Here is how I'm currently trying to get the token (and a commented out alternative I also tried) within a razor page:

@inject IAuthorizationHeaderProvider authorizationHeaderProvider;
@inject ITokenAcquisition tokenAqcuisition
@inject MicrosoftIdentityConsentAndConditionalAccessHandler ConsentHandler
...
        try
        {
            token = await authorizationHeaderProvider.CreateAuthorizationHeaderForUserAsync(new string[] { "499b84ac-1321-427f-aa17-267ca6975798/user_impersonation" });
        }
        catch(Exception ex)
        {
            ConsentHandler.HandleException(ex);
            token = await authorizationHeaderProvider.CreateAuthorizationHeaderForUserAsync(new string[] { "499b84ac-1321-427f-aa17-267ca6975798/user_impersonation" });

        //token = await tokenAqcuisition.GetAccessTokenForUserAsync(new[] { "499b84ac-1321-427f-aa17-267ca6975798/user_impersonation" });
        }

This is how the service is initially being set up:

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi(builder.Configuration.GetSection("AzureDevops:Scopes").Get<string[]>())
    .AddInMemoryTokenCaches();

builder.Services.AddDownstreamApi("AzureDevops", builder.Configuration.GetSection("AzureDevops"));

And when I try to get the token this exception occurs:
Microsoft.Identity.Web.MicrosoftIdentityWebChallengeUserException: 'IDW10502: An MsalUiRequiredException was thrown due to a challenge for the user. See https://aka.ms/ms-id-web/ca_incremental-consent. '
MsalUiRequiredException: No account or login hint was passed to the AcquireTokenSilent call.

I've looked into this specific exception, but feel stuck because the user is logged in, I've cleared the app and re-authenticated in incognito, which properly asked to grant permission to the user impersonation Azure Devops scope so I feel like I'm headed in the right direction, but not sure what I'm doing wrong or where to go from here. Any help would be greatly appreciated.