Forum Discussion
Azure AD Stopped returning group claims
- Dec 22, 2017
Update: I found the root cause. Tracing through the timeline, here's what I found.
The two broken environments had a new Reply URL added. You wouldn't think that would affect anything, but it does - in the manifest, it resets groupMembershipClaims from All back to null. For the record, generating a new key also sets this value back to null.
The other gotcha is that once you have this setting changed back to All, you need to sign in again to get the new token values. That means completely closing the browser or waiting for the token to expire. I'm pretty sure we corrected the issue a few times, but didn't force a reauthentication.
Hopefully this helps somebody else.
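A diagnostic sketch for the two gotchas in the post above, added here as an example and not part of the original post: it checks an exported app manifest for a reset `groupMembershipClaims` value and tells a stale token (issued before the fix) apart from a healthy one. The function names, the `fixed_at` parameter and the sample tokens are assumptions constructed for illustration; the `_claim_names` / `hasgroups` overage check goes beyond what the post covers.

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(manifest, token, fixed_at=None):
    """Classify why a token has no usable group claims.

    manifest: app manifest parsed from JSON.
    fixed_at: epoch seconds when groupMembershipClaims was last set back
              (hypothetical parameter; the caller has to record this).
    """
    setting = manifest.get("groupMembershipClaims")
    if setting in (None, "None"):
        return "manifest-reset"   # the value was put back to null
    claims = jwt_claims(token)
    if "groups" in claims:
        return "ok"
    # Overage: too many groups, Azure AD sends a pointer instead of the list.
    if "groups" in claims.get("_claim_names", {}) or claims.get("hasgroups"):
        return "overage"
    if fixed_at is not None and claims.get("iat", 0) < fixed_at:
        return "stale-token"      # issued before the fix: sign in again
    return "no-groups"

def make_token(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

if __name__ == "__main__":
    # Constructed sample data, not taken from a real tenant.
    old = make_token({"sub": "user1", "iat": 1000})
    new = make_token({"sub": "user1", "iat": 3000, "groups": ["group-id-placeholder"]})
    print(diagnose({"groupMembershipClaims": None}, old))
    print(diagnose({"groupMembershipClaims": "All"}, old, fixed_at=2000))
    print(diagnose({"groupMembershipClaims": "All"}, new, fixed_at=2000))
```

Running the manifest check after every Reply URL or key change catches the reset before users hit authorization failures.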