[Bug]: Array in claims taken as duplicate claims with "Duplicate claims are not allowed within a request." about data-api-builder HOT 3 CLOSED

Thank you for reporting, @abratv. I agree this is an issue and I'm looking into it. Few questions:

1. What identity provider are you using, EntraID/Azure AD?
2. Out of curiosity, do you use the scope claims (scp) in any DAB Database authorization policy rules?

from data-api-builder.

1. It's our internal open id provider
   Like what I said in another issue, I'm aware officially its Az AD but there is no "technical" limitation other than "business decision" here, Msft promote this as open source and can run it on premise so... (does not mean i want to fork it :P)
2. No, normally scope claim is used to authorize the api endpoint, say "api:person:read", then this indicate the access token can only be used to reach GET /person, it does not even hit the database yet
   Having saying that, because DAB simply throw all claims to sp_sessions_context? (there was discussion to configure this instead of using all claims but it does not made it?), it should be up to us to decide which claims to be used in session context
   DAB should simply give us "example/best practice" and not limit the possibility of using DAB

from data-api-builder.

@seantleonard i saw your PR, seems that means we can't use any stored claims with JSON array, why not simply using "scope_0", "scope_1",... but again this should be configurable

from data-api-builder.