Type: New Feature
Resolution: Unresolved
Priority: Major - P3
Affects Version/s: None
Component/s: None
Server Security
This came up in a recent customer request.
Per this article from Microsoft:
When you request all groups in your token as shown in the example, you can't rely on the token having the groups claim in your token. There are size limits on tokens and on groups claims so that they don't become too large. When the user is a member of too many groups, your app needs to get the user's group membership from Microsoft Graph. The limits for groups in a groups claim are:
- 200 groups for JSON web tokens (JWT).
...
In all of these cases, instead of having a groups claim, you see an indication (known as a group overage) that tells you that the user is a member of too many groups to fit in your token.
Implicit flow overage indication is done with a hasgroups claim instead of the groups claim.
When complete, this ticket will provide handling for hasgroups claims in Entra ID tokens to retrieve a complete groups set from the Graph API.
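A sketch of the overage handling this ticket asks for, as an added example that is not the project's own code. It assumes the token has already been signature-validated and decoded into a dict; `resolve_groups`, `GroupResolutionError` and the `fetch_from_graph` callback are hypothetical names, and the `_claim_names` check covers the non-implicit-flow indicator that Entra ID uses in addition to the `hasgroups` claim quoted above.

```python
from typing import Callable, Iterable

class GroupResolutionError(Exception):
    """Group membership could not be determined from the token or from Graph."""

def overage_indicated(claims: dict) -> bool:
    # Implicit flow: "hasgroups" appears instead of "groups" (bool or string form).
    if str(claims.get("hasgroups", "")).lower() == "true":
        return True
    # Other flows: "_claim_names" lists "groups" as a claim to be fetched elsewhere.
    names = claims.get("_claim_names")
    return isinstance(names, dict) and "groups" in names

def resolve_groups(claims: dict,
                   fetch_from_graph: Callable[[str], Iterable[str]]) -> frozenset:
    """Return the complete group set, calling Graph only when overage is signalled."""
    if not overage_indicated(claims):
        groups = claims.get("groups")
        # No overage: the token's own claim (possibly absent) is authoritative.
        return frozenset(groups) if isinstance(groups, list) else frozenset()
    oid = claims.get("oid")  # Entra ID object id of the user
    if not oid:
        raise GroupResolutionError("overage indicated but token carries no oid")
    try:
        return frozenset(fetch_from_graph(oid))
    except Exception as exc:
        # Fail closed: a failed lookup must not turn into "user has no groups",
        # which would silently map the user to the wrong set of roles.
        raise GroupResolutionError("Graph lookup failed for " + oid) from exc

# Constructed sample claims (not real tokens) and a stand-in for the Graph call.
OID = "00000000-0000-0000-0000-000000000001"
TOKEN_SMALL = {"oid": OID, "groups": ["g-1", "g-2"]}
TOKEN_IMPLICIT_OVERAGE = {"oid": OID, "hasgroups": True}
TOKEN_OVERAGE = {"oid": OID, "_claim_names": {"groups": "src1"},
                 "_claim_sources": {"src1": {"endpoint": "https://example.invalid/"}}}
DIRECTORY = {OID: ["g-%d" % i for i in range(1, 251)]}  # 250 groups, over the JWT limit

def stub_graph(oid: str) -> list:
    # Hypothetical callback; a real one would query Microsoft Graph for memberships.
    return DIRECTORY[oid]

if __name__ == "__main__":
    for tok in (TOKEN_SMALL, TOKEN_IMPLICIT_OVERAGE, TOKEN_OVERAGE):
        print(overage_indicated(tok), len(resolve_groups(tok, stub_graph)))
```
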