So, we have a frontend application in Angular in which a user can log in to Azure AD using MSAL. The login retrieves an accessToken for the backend API that contains the groups in which the user is employed. Because there are only three groups available, the token size is not exceeded. We want to call the API, which is written in ASP.NET Core, and we configured that the access token is provided in the header of the request. Now we first want to create an AuthenticationScheme and three different policies based on the groups. How can we achieve that? We are not that experienced in ASP.NET Core and don't know how to retrieve the group information from the header.
Our first approach was like this:
    options.AddPolicy("Administrator", builder => builder.RequireAuthenticatedUser().RequireClaim("groups", "AzureAdGroups:AdminId"));
but it didn't succeed.
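
An added example, not part of the original post: one way to register a JWT bearer scheme and three group-based policies in ASP.NET Core, reading each group ID from configuration instead of passing the configuration key as the claim value. The helper name, the `AzureAd:*` keys, and the "Editor"/"Reader" policies with their keys are assumptions; only "Administrator" and `AzureAdGroups:AdminId` come from the post.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class GroupAuthorizationSetup
{
    // Hypothetical helper: call it where the application registers its services.
    public static IServiceCollection AddGroupAuthorization(
        this IServiceCollection services, IConfiguration config)
    {
        // The JwtBearer handler reads "Authorization: Bearer <token>" from the
        // request, validates the token, and exposes its claims on the user.
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Assumed configuration keys for the tenant authority and API audience.
                options.Authority = config["AzureAd:Authority"];
                options.Audience = config["AzureAd:Audience"];
            });

        services.AddAuthorization(options =>
        {
            // Policy name -> configuration key that holds the group's object ID.
            var policies = new (string Name, string Key)[]
            {
                ("Administrator", "AzureAdGroups:AdminId"),
                ("Editor", "AzureAdGroups:EditorId"),   // hypothetical
                ("Reader", "AzureAdGroups:ReaderId"),   // hypothetical
            };

            foreach (var (name, key) in policies)
            {
                // Resolve the key to the real group ID. Passing the key string
                // itself to RequireClaim compares the claim to that literal text.
                var groupId = config[key];
                // Fail closed at startup rather than build a policy on an empty value.
                if (string.IsNullOrWhiteSpace(groupId))
                    throw new InvalidOperationException($"Missing group ID: {key}");

                options.AddPolicy(name, policy => policy
                    .RequireAuthenticatedUser()
                    .RequireClaim("groups", groupId));
            }
        });
        return services;
    }
}
```

Endpoints then opt in with `[Authorize(Policy = "Administrator")]`, and the pipeline needs `UseAuthentication()` before `UseAuthorization()`. If a policy still denies a valid token, inspect `User.Claims` to confirm the claim type under which the handler exposes the group IDs.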