1
votes

I have a client .NET application that uses ADAL to access a Web API application running on Azure.

The server has custom code that verifies that the user belongs to a specific security group.

The problem is that my users belong to too many groups, which causes AAD not to include the list of groups in the token at all.

Thus my custom code makes another call to the AAD Graph API to verify that the user belongs to the group - in addition to the one the client made to obtain the auth token.

Is there a way to tell AAD to only return this one specific group in the groups claim (so that AAD will include it in the token)?

Any other idea (other than caching, which I don't currently have) that will prevent me from making that second call would be appreciated.


1 Answer

6
votes

As of today, there is no way for AAD to send a subset of the user's groups. A possible trick would be to define a role for your app and then assign that group to the role. In that case you'll see the role in the token only if the user belongs to that group. HTH
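The app-role trick from the answer shown next to the `groups`-claim check it replaces, as an added example that is not part of the original question or answer. The manifest entry, the GUIDs, the user names and the sample token payloads are all constructed placeholders, and both authorization functions assume the token's signature, issuer, audience and expiry have already been validated by the Web API's authentication middleware.

```python
"""Authorization from Azure AD token claims: the `groups` claim versus an app role.

Added example, not code from the original question or answer. The token
payloads below are constructed by hand; the functions assume the JWT has
already been validated (signature, issuer, audience, expiry) upstream.
"""

# Hypothetical appRoles entry for the Web API's app registration manifest.
# The id is a placeholder. Once the security group is assigned to this role,
# members get `"roles": ["Finance.User"]` in their token.
APP_ROLE_MANIFEST = {
    "appRoles": [
        {
            "allowedMemberTypes": ["User"],
            "description": "Granted by assigning the Finance security group to this role",
            "displayName": "Finance user",
            "id": "00000000-0000-0000-0000-000000000001",
            "isEnabled": True,
            "value": "Finance.User",  # the string that appears in the `roles` claim
        }
    ]
}

ALLOW, DENY, NEEDS_GRAPH_LOOKUP = "allow", "deny", "needs_graph_lookup"


def groups_overage(claims: dict) -> bool:
    """True when AAD left the `groups` claim out because the user is in too many groups.

    v1 JWTs signal this with `_claim_names`/`_claim_sources` pointing at the
    Graph endpoint; tokens from the implicit flow carry `hasgroups: true` instead.
    """
    claim_names = claims.get("_claim_names") or {}
    return "groups" in claim_names or claims.get("hasgroups") is True


def authorize_by_group(claims: dict, group_id: str) -> str:
    """The original approach: look for the group's object id in the `groups` claim.

    On overage the token cannot answer, so the caller has to make the second
    call to the Graph API that the question wants to avoid.
    """
    groups = claims.get("groups")
    if groups is not None:
        return ALLOW if group_id in groups else DENY
    return NEEDS_GRAPH_LOOKUP if groups_overage(claims) else DENY


def authorize_by_app_role(claims: dict, role_value: str) -> str:
    """The answer's trick: the group is assigned to an app role, so membership
    shows up in `roles` no matter how many groups the user belongs to.

    Absence of the role means the user is not in the group, so no Graph call.
    """
    return ALLOW if role_value in (claims.get("roles") or []) else DENY


# Constructed sample payloads (only the claims relevant here are shown).
FINANCE_GROUP = "11111111-1111-1111-1111-111111111111"  # placeholder object id
OTHER_GROUP = "22222222-2222-2222-2222-222222222222"    # placeholder object id

SMALL_USER = {"upn": "alice@contoso.example", "groups": [FINANCE_GROUP, OTHER_GROUP]}

# User in more groups than fit in the token: no `groups` claim, only the
# overage pointer to Graph (endpoint shown with placeholder path segments).
OVERAGE_USER = {
    "upn": "bob@contoso.example",
    "_claim_names": {"groups": "src1"},
    "_claim_sources": {
        "src1": {"endpoint": "https://graph.windows.net/{tenantid}/users/{oid}/getMemberObjects"}
    },
}

# The same user after the Finance group has been assigned to the app role.
OVERAGE_USER_WITH_ROLE = {**OVERAGE_USER, "roles": ["Finance.User"]}

if __name__ == "__main__":
    for name, claims in [("small", SMALL_USER), ("overage", OVERAGE_USER),
                         ("overage+role", OVERAGE_USER_WITH_ROLE)]:
        print(f"{name:13} by group: {authorize_by_group(claims, FINANCE_GROUP):18} "
              f"by app role: {authorize_by_app_role(claims, 'Finance.User')}")
```

Running it shows the difference the answer describes: the overage user is undecidable from the `groups` claim alone (the server would have to call Graph), but once the group is assigned to the app role the same user is authorized from the `roles` claim without a second call, and a user outside the group is simply denied. The app role only shows up in tokens requested for this API's resource, so the client still has to ask ADAL for a token scoped to the Web API's App ID URI.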