Groups are not added to the claim

[egor-yudkin]

This issue is for a: (mark with an x)

- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Any log messages given by the failure

Expected/desired behavior

OS and Version?

azd version?

run azd version and copy paste here.

Mention any other details that might be useful

I've followed the Login and ACL setup document to set up authentication and document-level security.

Server app has the optional groups claim added to token configuration.

But the ID Token Claims table in the Settings doesn't display any groups. There is no "groups" row at all. I'm assuming the application itself also doesn't see any groups for logged in user. So when I enable "Use groups security filter" it simply doesn't answer any questions because all items in my index have groups populated with group ids.

Can you please suggest how to fix this or maybe how to troubleshoot?

[egor-yudkin]

Okay, I think I figured it out on my own. The groups claim should be added to the Client app, not the Server app as the documentation says. @mattgotteiner Does it make sense? Would you be able to fix the document? And also why enabling group claims is optional? Is there any disadvantage of having it added by default? Wouldn't it be better done during deployment of the Client App Registration if authentication is enabled, otherwise it's just an extra manual step one has to make. And if one is following the documentation's Automatic Setup section, it's not obvious that adding group claim still needs to be done manually.