[ ] If user is not a member of the group, send an ACCESS DENIED email.
/*
 * Grant access only when both checks return 0: the username must match the
 * JWT, and the user must be a member of the group.
 *
 * NOTE(review): ret is written only on the success path here; presumably it
 * is initialized to a failure value before this point -- confirm, so that a
 * non-zero return from either check denies access.
 */
if (verify_user(jwt, user_addr) == 0) { /* username match in JWT */
    /* Evaluated only when the username check passed. */
    if (verify_group(ab_token, group_id, debug) == 0) { /* group membership */
        ret = EXIT_SUCCESS;
    }
    /* A failed membership check falls through with ret left untouched. */
}
Source: https://github.com/CyberNinjas/pam_aad/issues/43