Using Azure AD OpenID Connect (OIDC) for Authentication

Okay, I think our friends at HashiCorp have documented the magic. Specifically, there is discussion about the scope called “https://graph.microsoft.com/.default”.

This may be the missing magic that Azure requires to set the groups_claim correctly for OIDC.

Take a look at:

Azure Ref: