I've set up a multi-tenant authentication web app that goes through the /common issuer using OpenID. I am able to sign in from the different tenants. However, the user roles claims are not being sent in the ID token when authenticating this way.
I've used https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant and https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps as the primary references to complete this, but after attempting to follow all the steps, the roles still do not show up.
If I switch the application to use single tenant, and use the tenant-specific issuer, the roles do show up in the claim token as I'd expect, so I don't believe it is a configuration problem when setting up the roles. How do I get the roles to show up when using /common, or is there a different approach needed entirely to access the roles when doing a multi-tenant application?