Hi I am working on Azure AD. I have one webapi project and swagger configured along with it. I have resisted two apps in azure ad. One for swagger and one for webapi app. Now I want to implement authorization based on groups. So now I want to call groups from microsoft graph api. From here on wards I am confused. To access groups I need to give permission to read graph in my azure Ad swagger app or webapi app? 
Below is my code.
c.AddSecurityDefinition("oauth2", new OAuth2Scheme
{
Type = "oauth2",
Flow = "implicit",
AuthorizationUrl = swaggerUIOptions.AuthorizationUrl,
TokenUrl = swaggerUIOptions.TokenUrl,
Scopes = new Dictionary<string, string>
{
{ "read_user_groups", "https://graph.microsoft.com/Group.Read.All" }
}
});
Now In azure Ad I have API Permissions and Expose API.
In my swagger App inside App registration I have API Permission and I have added Microsoft Graph and selected Groups.Read All. Then I have Expose API and we can add scopes. These two things are confusing me. My swagger app has to do groups based authorization on my web api? Can someone help me in this?