Allow signed-in user to read AD group memberships with minimal delegated permissions
Applications that implement group-based authorization require the ability to query the group identifiers of the signed-in user via minimal delegated permissions. Group-based authorization is a common scenario for (multi-tenant) SaaS applications. Oftentimes it's difficult or impossible to get permissions from a customer that can expose a broad set of information. Even if one were able to get the permissions, the implementation would still be sub-optimal and cause unnecessary security risks.
The current version of the user: getMemberGroups function doesn't satisfy the need because it requires broad and even application-level permissions.
Please note that the above document is out of date and inaccurate regarding the required permissions.
Please implement support for querying the group identifiers of the signed-in user with appropriate minimal delegated permissions (such as User.Read).