API Security - machine-to-machine Application groups

Neather, using the machine-to-machine (Client Credentials flow), the user == Application (not a user) & Applications can be added to groups?

I was able to code a C# unit test using Unit Testing and Implicit Flow to log on a normal user and pass the accessToken to the API. But I'm still not sure on the API side how to tell what groups the user is in? I was able to add an access claim to the dev auth server, group1 = isMemberOfGroupName("group1"), but this seems dumb to have to add an access claim per group?