Is there an option to include the AAD group name (display name) instead of the Object Id in the JWT token issued by AAD? If yes - how?
    …
    "family_name": "Smith",
    "given_name": "John",
    "groups": [
        "0e1cbc5f-94bc-4c3b-a22b-a4c56bbdbd7d", // <- replace id with name
        "9762d7ea-c0a9-4543-8a3e-2459e826a35a"
    ],
    …
Some background: I’m implementing OAuth with AAD for an API. I configured 2 Service Principals (1 for API, 1 for client) and added delegated & application permissions. I also configured optional group claims to receive the list of groups. It all seems to work and I’m getting JWT tokens with group IDs in 2 scenarios: authorization code & client credentials.
In the API implementation I need to filter data based on the AAD group membership. Example: I have an AAD group “Company1Users” and would like to apply filter: “where company=Company1”. With groupId I need to maintain additional mapping in my app (AADGroupId=Company1) or make an additional call to Graph API, which I would like to avoid.
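The in-app mapping option mentioned in the question, sketched as an added example that is not part of the original post: it turns the `groups` claim of an already validated token into a parameterized company filter and fails closed when the group list is missing or was moved out of the token. Which object ID belongs to "Company1Users" is a constructed assumption, and the names `GROUP_TO_COMPANY`, `companies_for` and `company_filter` are hypothetical.

```python
from __future__ import annotations

# Added example: derive a data filter from the token's "groups" claim.
# Assumes signature, issuer and audience were already verified upstream.

# Constructed mapping: which object ID is "Company1Users" is an assumption.
GROUP_TO_COMPANY = {
    "0e1cbc5f-94bc-4c3b-a22b-a4c56bbdbd7d": "Company1",
}


class AuthorizationError(Exception):
    """Raised when no company filter can be derived from the claims."""


def companies_for(claims: dict) -> set[str]:
    """Return the companies the caller may read; fail closed otherwise."""
    # Overage: with too many memberships AAD omits "groups" and references
    # Graph through "_claim_names". Treat that as "unknown", never as "none".
    if "groups" in (claims.get("_claim_names") or {}):
        raise AuthorizationError("group overage: memberships not in token")
    groups = claims.get("groups")
    if not isinstance(groups, list):
        raise AuthorizationError("token carries no groups claim")
    # Unmapped IDs grant nothing; object IDs are compared case-insensitively.
    allowed = {GROUP_TO_COMPANY[g.lower()] for g in groups
               if isinstance(g, str) and g.lower() in GROUP_TO_COMPANY}
    if not allowed:
        raise AuthorizationError("caller is in no mapped group")
    return allowed


def company_filter(claims: dict) -> tuple[str, list[str]]:
    """Build a parameterized WHERE fragment; values never enter the SQL text."""
    companies = sorted(companies_for(claims))
    placeholders = ", ".join("?" for _ in companies)
    return f"company IN ({placeholders})", companies
```

Keying authorization on the immutable object ID rather than a display name also means that renaming a group in the directory cannot silently change who sees which company's data.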