Grant AAD group data plane reader permission does not work

We are continuously addressing and improving the SDK, if possible, make sure the problem persist in the latest SDK version.

Describe the bug I’m following the doc https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac to grant data reader permission to AAD group, then I use one user principal belonging to the AAD group to read container items, however error happens: Forbidden (403); Substatus: 5301; ActivityId: 3e1f99ac-458c-43ac-b557-b1eadd77fc4e; Reason: (Request blocked by Auth *** : Request is blocked because principal [****] does not have required RBAC permissions to perform action [Microsoft.DocumentDB/databaseAccounts/readMetadata] on resource [/]. Learn more: https://aka.ms/cosmos-native-rbac.This could be because the user’s group memberships were not present in the AAD token.

To Reproduce First grant aad group data reader permission, then run code below to use credential belonging to the aad group:

            CosmosClient client1 = new CosmosClient("https://***.documents.azure.com:443/", new InteractiveBrowserCredential());
            var c1 = client1.GetContainer("Regional", "Infra");
            var ret = c1.ReadItemAsync<InfraDoc>("***", new PartitionKey("lgn-rcp::LegionStamp")).Result;

Expected behavior A clear and concise description of what you expected to happen.

No error happens

Actual behavior Provide a description of the actual behavior observed.

Error happens

Environment summary SDK Version: OS Version (e.g. Windows, Linux, MacOSX)

Additional context Add any other context about the problem here (for example, complete stack traces or logs).