...
From here, those resource assignments are then provisioned to the CoreOne Authentication Service. While During this provisioning process, assignment context and other transformations can be applied. With those transformations, application specific information can be added. Whenever a user then authenticates himself for a given application, those provisioned resource assignments are exposed to the application as part of the access token. This is either through the roles or the roles_with_context claim. The later is used whenever a resource assignment has a context. For example someone has the right to submit taxes for the company ITSENSE. The company ITSENSE represents the context.
...