Application authorization uses app roles.
Roles are emitted in the roles claim of tokens.
App roles UI.
App manifest editor.