Given the breaking changes of OIDC and the importance of user groups/roles/permissions, i agree with w.frannsen, the documentation is confusing. Prior to creating custom claims, the roles claims could be passed to a .net core backend without any additional configuration.
Now that we must define custom claims with a namespace, we must also receive custom claims in the back-end. That takes extra configuration, THAT WE FIND OUT THE HARD WAY.