db-reflector VS active-directory-aspnetcore-webapp-openidconnect-v2

That's true, I actually created a code generator for RepoDB with this in mind. It's still not stable and I haven't been able to work on it in a while, but at least it gets the job done similarly to the EF reverse engineering tool.

See also the Azure AD ID token claims reference for fields you can expect to see in the decoded ID token, as well as this ASP.NET Example that talks about how to configure Azure to provide the roles/group membership info in its ID tokens.

First of all, register an application in your Azure portal. You will need so called "Tenant ID" and "Client ID". Use this sample project with the detailed instruction what to do: Enable your ASP.NET Core web app to sign in users and call Microsoft Graph with the Microsoft identity platform

Please upvote this issue https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/issues/664

API - Azure AD

The official repo at https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2 is probably the most up-to-date. For example if you want B2C then https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/4-WebApp-your-API/4-2-B2C The example they have should work with .NET 6

I was having this exact issue a few days ago and found the same thread. I wasn't using Blazor and had to keep clearing my cookies to get around it. I think I updated microsoft.identity.web.ui package and it resolved itself (to 1.16).

Permissions in your application can be aligned to custom groups in your customers' AAD tenants. There are several ways to retrieve the group information. You can get the user's groups in the token. Or you could also ping Microsoft Graph to get the Groups the customer is a member of. There are few things to think about with groups: