Group_ids array missing for a single user


Apologies if this has already been posted and I didn’t find it.

We’ve configured our AD application to send Security Group IDs in the auth token response. This shows up as an array of group_id, with IDs for each security group the user is a member of.

This is working well, and has been for a long time.

However, occasionally, we find a user / login, where the group_id array is missing. It’s not empty, or part filled, just not included.

Is this an Azure AD problem, and if so is it a known one with a workaround?
If there are too many group IDs to fit in the response token, what is the expected behaviour? I thought that some would still be shown, or some sort of overflow token would be provided, but I don’t see either of those in the raw JSON when viewing in the Auth0 dashboard.

Any help / docs much appreciated!