I'm probably misunderstanding this, but after many days I need to ask for help.
I created an AppRegistration for my Web application (Blazor wasm) and then I created another AppRegistration for my API application (Function).
In my API's AppRegistration I created two roles, User.Read and User.WriteRead, and I also created an API.ACCESS scope. I gave the appropriate permissions to my Web AppRegistration, and whenever I log in I get the token correctly; when I make a call to my API I get the scp correctly.
About the roles: I created a group called HR, in this group I added the role from my API AppRegistration (User.Read), and then I added a user to this group.
When I log in as that user, my token does not have any reference to the role, neither in the ID token nor in the access token. When I make the first request to my API, the User.Read role appears in my access token, which is great, because my API validates the role in a specific function (Get User).
The problem is that I would like to hide the Get User button in my Blazor app, but this is not possible, because I do not have the role at login, and even when I make the request to my API and get it in the access token, the AuthorizationView only looks at the ID token.
The only way I have found to do this is to create a role in the WEB AppRegistration with the identical name User.Read and assign this role to the group. This way it works, but I have several APIs. Do I need to replicate all the roles in my WEB AppRegistration? Or am I really doing something wrong? This would be horrible.
```csharp
services.AddMsalAuthentication(options =>
{
    options.ProviderOptions.Authentication.Authority = azureEntraSettings.Authority;
    options.ProviderOptions.Authentication.ClientId = azureEntraSettings.ClientId;
    options.ProviderOptions.Authentication.ValidateAuthority = azureEntraSettings.ValidateAuthority;
    options.ProviderOptions.LoginMode = azureEntraSettings.LoginMode ?? "Redirect";

    // Ask for consent to every API scope configured for this client
    foreach (var application in azureEntraSettings.Applications)
        foreach (var scope in application.Value.Scopes)
            options.ProviderOptions.AdditionalScopesToConsent.Add(scope);
});
```
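The situation described above (app roles assigned on the API registration show up only in the access token for that API, while `AuthorizeView` evaluates the claims of the `ClaimsPrincipal` built from the ID token) can be handled client-side without duplicating roles on the web registration. Blazor WebAssembly lets you replace the factory that builds that principal. The following is an added example, not code from the question: a custom `AccountClaimsPrincipalFactory<RemoteUserAccount>` that requests the access token for the API scope and copies its `roles` claim onto the signed-in identity. The scope URI `api://<api-app-id>/API.ACCESS` is a placeholder you must replace with the scope exposed by your API registration; `ApiRolesClaimsPrincipalFactory` is an assumed class name. The copied roles drive UI decisions only; the API keeps validating the role on every request, so hiding the button never substitutes for that check.

```csharp
using System.Security.Claims;
using System.Text.Json;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication.Internal;

// Added example (hypothetical class name). Registration in Program.cs:
//   builder.Services.AddMsalAuthentication(options => { /* as in the question */ })
//       .AddAccountClaimsPrincipalFactory<ApiRolesClaimsPrincipalFactory>();
public class ApiRolesClaimsPrincipalFactory : AccountClaimsPrincipalFactory<RemoteUserAccount>
{
    // Assumption: the scope exposed on the API app registration. Replace the placeholder.
    private const string ApiScope = "api://<api-app-id>/API.ACCESS";

    public ApiRolesClaimsPrincipalFactory(IAccessTokenProviderAccessor accessor)
        : base(accessor) { }

    public override async ValueTask<ClaimsPrincipal> CreateUserAsync(
        RemoteUserAccount account, RemoteAuthenticationUserOptions options)
    {
        // Start from the principal the framework builds from the ID token claims
        var user = await base.CreateUserAsync(account, options);
        if (user.Identity is not ClaimsIdentity identity || !identity.IsAuthenticated)
            return user;

        // Acquire (from cache, or silently) the access token the API will receive;
        // this is the token Entra ID stamps with the API registration's app roles
        var tokenResult = await TokenProvider.RequestAccessToken(
            new AccessTokenRequestOptions { Scopes = new[] { ApiScope } });

        if (tokenResult.TryGetToken(out var accessToken))
        {
            foreach (var role in ReadRolesFromJwtPayload(accessToken.Value))
            {
                // Add under the identity's role claim type so IsInRole / AuthorizeView
                // Roles="User.Read" see it; skip roles already present from the ID token
                if (!identity.HasClaim(identity.RoleClaimType, role))
                    identity.AddClaim(new Claim(identity.RoleClaimType, role));
            }
        }
        return user;
    }

    // Decodes only the payload segment of the JWT. No signature check is done here
    // on purpose: the browser never makes authorization decisions from this token,
    // the API does, after validating the signature, audience and issuer.
    internal static IEnumerable<string> ReadRolesFromJwtPayload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) yield break;

        // base64url -> base64, restore padding
        var payload = parts[1].Replace('-', '+').Replace('_', '/');
        payload = payload.PadRight(payload.Length + (4 - payload.Length % 4) % 4, '=');

        using var doc = JsonDocument.Parse(Convert.FromBase64String(payload));
        if (!doc.RootElement.TryGetProperty("roles", out var roles)) yield break;

        // Entra ID emits "roles" as an array; handle a single string defensively
        if (roles.ValueKind == JsonValueKind.Array)
        {
            foreach (var r in roles.EnumerateArray())
                if (r.GetString() is string s) yield return s;
        }
        else if (roles.ValueKind == JsonValueKind.String && roles.GetString() is string single)
        {
            yield return single;
        }
    }
}
```

With this factory registered, `<AuthorizeView Roles="User.Read">` hides or shows the Get User button based on the API's own role assignment, and the same factory can request one token per API you call (extend `ApiScope` to a list) instead of mirroring every role onto the web registration. Because the roles come from a token the client merely forwards, treat them as a display hint: the server-side `[Authorize(Roles = "User.Read")]` check on the Function remains the control that matters.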