I've created an application in an Azure AD from a manifest with several appRoles inside of it, and I can assign users to these roles. After a user completes the single sign-on and returns to my application, I then request a JSON Web Token from their login. The problem is, there are no assigned roles listed in the token I get back from Azure, as it would suggest there should be here.
Is there a configuration option I'm missing or is there an alternate way to find out their assigned role through the Azure Graph API?
Update:
After specifying the resource as the App ID URI when requesting the authorisation URL, I've managed to get a little further.
I'm now getting back the following error (in the return URL):
"The signed in user '<user email>' is not assigned to a role for the application '<app client id>'."
The user has definitely been assigned a role in the Azure AD control panel for the app, and the app client id in the error message matches the app's client id exactly.
Screenshots (images not reproduced here): application config; user assigned a role; error message after logging in and returning to app.
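As an added diagnostic that is not part of the question (and not Microsoft's code), the following Python decodes the payload of a returned JWT and reports whether Azure AD's `roles` claim is present and whether the `aud` claim matches the audience you expected to request the token for. The sample tokens and the placeholder client id are constructed inline for offline use.

```python
import base64
import json

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore padding before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def inspect_app_roles(token: str, expected_audience: str) -> dict:
    """Report the app roles in a JWT's `roles` claim and whether `aud` matches.

    The payload is parsed for inspection only; the signature is not verified
    here, so use this to debug claim contents, not to authorise requests.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    claims = json.loads(_b64url_decode(parts[1]))
    roles = claims.get("roles")
    return {
        "audience_ok": claims.get("aud") == expected_audience,
        "roles_claim_present": roles is not None,
        "roles": list(roles) if isinstance(roles, list) else [],
    }

def make_unsigned_test_token(claims: dict) -> str:
    # Constructed sample token for offline testing; the signature segment is a dummy.
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.dummysig"

# Constructed sample claims: a placeholder client id as audience, with and without roles.
SAMPLE_AUD = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real app id
SAMPLE_WITH_ROLES = make_unsigned_test_token({"aud": SAMPLE_AUD, "roles": ["Admin", "Reader"]})
SAMPLE_WITHOUT_ROLES = make_unsigned_test_token({"aud": "api://other-app"})

if __name__ == "__main__":
    print(inspect_app_roles(SAMPLE_WITH_ROLES, SAMPLE_AUD))
    print(inspect_app_roles(SAMPLE_WITHOUT_ROLES, SAMPLE_AUD))
```

A token whose `aud` is not your app's client id or App ID URI was issued for a different resource, which is one reason the `roles` claim can be missing even when the user is assigned a role.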