I am using OpenID Connect from ASP.NET. I have synced my Active Directory using the agent. I enabled delegation to AD. I have modified the Authorization Server to create a ‘groups’ scope and expose the groups claim with regex: .*
When I make my request to the API, the response type is “code id_token token” and the scopes are “openid profile email groups”.
When I log in as an AD user, the login is successful, but the only group in the response to the userInfoClient.GetAsync call is “Everyone”.
Am I missing something to be able to see what AD groups the user is a member of?