After successfully being issued a JWT token from AAD after logging in - the token itself does not contain any claims for the users groups as set up in AAD.
When using a local AD and forms authentication I can see all the users groups as claims in the ClaimsIdentity.
Are there plans to add the users groups as claims to the token as part of logging in to AAD? If so when could I expect that to happen?
I know that I could access the Graph API to get this information, but I don't think that this is a step that should have to be taken.
In terms of my specific use case, I am using angular.js with an express based website and passport.js. The site will need to cater for both AAD and AD and passport.js has a provider for each, so that is not a problem. The issue I have is that I want to implement role based security based on the users group claims after logging in, but can't do so when running in AAD.
Thanks for any thought/help in advance.
Chris