I have a native client application in which I am able to get id_token and access token and now I am trying to add authorization. I was able to successfully authorize using rules based authorization but the caveat for this is, I need to integrate those rules under user’s app_metadata - also, it is tedious to do if I have 100+ users using my application. Is there a way I can do Azure AD roles/groups based authorization? - if so, do you have any API’s that support that functionality?
You should be able to use Authorization Extension, unless this is what you are saying you want to avoid? You would have Azure AD enable your application to access users’ group_ids and use a custom rule to add the user’s group_ids to the id token. There is more information here on Configuring Authorization Extensions. Please let me know if I misunderstood your issue.