This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 69%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
We have an API app set up under one tenant (Tenant A) with a role "test". I then have a demo app set up under a different Tenant (Tenant B), and added that role under Tenant B's app (screenshot below). However, when I make a call to oauth2/v2.0/token using client_credentials flow the JWT does not contain a roles property. Is it possible to pass roles in my current configuration? I was able to access the roles in the JWT when "demo app" was set up under Tenant A.
One of the option is to use App Roles in your application. Refer the following URL
Another option is to get the security groups of the signed in user. Refer the following sample
Hope this helps
Thank you for your answer sreejukg. I'm currently using App Roles (and want to proceed in this direction), but cannot get them to come through on the JWT in a separate tenant. I'll have to investigate security groups, although I'm not sure how to do that since our web app will be using client secret to authenticate as opposed to a user.