Nevermind, I just found out it was not possible atm according to When using client credential how to provide Groups as claim?
Is there an alternative approach for what I’m trying to accomplish besides having our own application store an application’s role?