I think this is just down to a misunderstanding on my part but I am going around in circles so I thought I’d see if anyone can help.
I have an application in our preview tenant which is set up with a Groups claim filter like this:
When I try to Preview the Token in the default Authorization Server, Token Preview tab I don’t see any groups returned. I have added a groups scope to the default Authorization Server but that doesn’t seem to help. I’ve also tried using Nate’s OIDC debugger and that gives me the same results, no groups are returned in either the id or access token.
The only way I can get this to work is by adding a groups Claim on the default Authorization Server but honestly that seems like overkill when I maybe only have one or two apps in our Enterprise that need the groups in a token.
Am I missing something here?