AuthOida closes a gap in Microsoft.Identity.Web, where Azure Active Directory group assignments for an identity are only appended to the token using the group's ObjectID instead of its display name.
Using the most recent package in a .NET 6 MVC app fails in

    builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
        .AddMappedGroups();

due to not being able to find a matching constructor.
After changing class and method definitions in GroupsMapper and GroupsMapOptainer from internal to public, the application can start.
However, the Graph call(s) fail with 'ServiceException: Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation.' (this may be an issue related to app registration).