Config

<httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files">
    <dynamicTypes>
        <add mimeType="application/json" enabled="true" />
        <add mimeType="application/xml" enabled="true" />
        <add mimeType="text/html" enabled="true" />
    </dynamicTypes>
</httpCompression>

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddInMemoryTokenCaches();

builder.Services.AddSingleton<IClaimsTransformation, FilterGroupsTransformation>();

public class FilterGroupsTransformation : IClaimsTransformation
{
    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        var identity = (ClaimsIdentity)principal.Identity;

        var filteredGroups = identity.Claims
            .Where(c => c.Type != "groups" || MyAppUsesGroup(c.Value))
            .ToList();

        identity = new ClaimsIdentity(filteredGroups, identity.AuthenticationType);
        return Task.FromResult(new ClaimsPrincipal(identity));
    }

    private bool MyAppUsesGroup(string groupId)
    {
        // Implementera logik för att endast ta med grupper som behövs
        return true;
    }
}