@Batchu Sai Akhil
Thank you for your post and I apologize for the delayed response! For the documentation that you referred to when integrating your SPA in React, would you be able to share it again? It looks like it might've not linked correctly.
When it comes to the access token, and authorizing the user based off of their respective permissions, have you looked into using Delegated Permissions? When using an Azure AD app, you can assign Application or Delegated permissions to that app.
- Application permissions are used by apps that run without a signed-in user present, for example, apps that run as background services or daemons.
- Delegated permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests. The app is delegated permission to act as the signed-in user when it makes calls to the target resource.
For more info:
- Azure AD App Application Permissions vs Delegated Permissions
- Permission types

I hope this helps. If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
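How the two permission types described in the answer above surface in an access token, as an added example that is not part of the original reply: delegated permissions arrive in the `scp` claim and application permissions in the `roles` claim. The permission names, audience, and sample tokens are constructed, and the code assumes Node.js and that the API has already validated the token's signature, issuer and audience.

```javascript
// Added example: all names and sample tokens below are constructed.
// This only decodes claims. Signature, issuer and audience validation must
// be done by the API before any of these claims are trusted.

function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Delegated tokens carry permissions in `scp` (space-separated string).
// App-only tokens carry them in `roles` (array) and have no `scp`.
function permissionType(claims) {
  if (typeof claims.scp === "string" && claims.scp.trim() !== "") return "delegated";
  if (Array.isArray(claims.roles) && claims.roles.length > 0) return "application";
  return "none";
}

// `required` names one delegated scope and one app role (hypothetical names).
function isAuthorized(claims, required) {
  const type = permissionType(claims);
  // Exact match per scope, so "Tasks.ReadWrite" does not satisfy "Tasks.Read".
  if (type === "delegated") return claims.scp.split(" ").includes(required.scope);
  if (type === "application") return claims.roles.includes(required.role);
  return false; // no permission claim at all: deny by default
}

// Builds an unsigned token for the demo only (constructed sample input).
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.`;
}

const required = { scope: "Tasks.Read", role: "Tasks.Read.All" };
const aud = "api://constructed-api";
const userToken = makeSampleToken({ aud, scp: "Tasks.Read User.Read" });
const daemonToken = makeSampleToken({ aud, roles: ["Tasks.Read.All"] });
const otherScopeToken = makeSampleToken({ aud, scp: "Tasks.ReadWrite" });

for (const [name, tok] of Object.entries({ userToken, daemonToken, otherScopeToken })) {
  const claims = decodeClaims(tok);
  console.log(name, permissionType(claims), isAuthorized(claims, required));
}
```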