Could we also get role-based access? When working with Azure AD there will typically be a combination of roles (user authorization) and scopes (application authorization).
Just because I can make an application and get a super-user to log into my application doesn't mean the application should be able to do everything the super-user is allowed to do (scopes). Likewise, just because a user is able to log into an application doesn't mean that the user should always be able to do everything the application has permission to do (user roles).
This is great!
Could we also get role-based access? When working with Azure AD there will typically be a combination of roles (user authorization) and scopes (application authorization).
Just because I can make an application and get a super-user to log into my application doesn't mean the application should be able to do everything the super-user is allowed to do (scopes). Likewise, just because a user is able to log into an application doesn't mean that the user should always be able to do everything the application has permission to do (user roles).