
Add section for name and role claims configuration for Blazor with Identity Server#18278

Merged
guardrex merged 8 commits intomasterfrom
guardrex/blazor-wasm-security
May 18, 2020

Conversation

@guardrex
Collaborator

@guardrex guardrex commented May 12, 2020

Fixes #17317
Fixes #17649

Thanks @caleblloyd, @AlbertoPa, @hakenr, and @denmitchell.

Internal Review Topic (links to Name and role claim with API authorization section) ... and see the following new section here on Profile Service.

Some of the ask on #17317 was worked on in prior PRs. The parts that pertain to Identity Server are on this PR.

The guidance on the PR only supports ONE role per authenticated user. I ran into a problem trying to use the factory pattern for multiple roles. If all you want to do is support one role per user right now, then the PR is fine for now, and we can ignore what follows here 👇.

If you want to know what's failing ........

No factory

👍 RESOLVED ... Single role without a factory works. The app receives a role claim with a string role value. The PR covers this scenario.

Factory pattern

For multiple roles in a role claim ...

"role": [ "role1", "role2" ]

... a factory that parses the JSON works, but this isn't what we want to show. See: #17649 (comment) for @hakenr's approach.

When a factory is implemented without directly parsing JSON (the code for the factory is commented out on the PR to hold it for now) ...

👍 RESOLVED ... When the user has no assigned role (no role claim), account.Roles in the factory is null and so the factory throws. To resolve it, the Roles property in CustomUserAccount is set to an empty string array:

public class CustomUserAccount : RemoteUserAccount
{
    [JsonPropertyName("role")]
    public string[] Roles { get; set; } = new string[0];
}

... let me know if you prefer an alternate approach.

👍 RESOLVED ... When the user has two or more roles ...

"role": [ "role1", "role2" ]

... the factory works and creates a separate role claim for each role. 🎸

💥 BROKEN 💥 ... When the user only has one assigned role in a string (not an array) ...

"role": "role1"

... the factory approach breaks with ...

Unhandled exception rendering component: An exception occurred executing JS interop: The JSON value could not be converted to System.String. Path: $.role[0] | LineNumber: 0 | BytePositionInLine: 181.. See InnerException for more details.
Microsoft.JSInterop.JSException: An exception occurred executing JS interop: The JSON value could not be converted to System.String. Path: $.role[0] | LineNumber: 0 | BytePositionInLine: 181.. See InnerException for more details. --- System.Text.Json.JsonException: The JSON value could not be converted to System.String. Path: $.role[0] | LineNumber: 0 | BytePositionInLine: 181.
at System.Text.Json.ThrowHelper.ThrowJsonException_DeserializeUnableToConvertValue (System.Type propertyType) <0x2fb6d70 + 0x0002c> in :0
at System.Text.Json.JsonPropertyInfo.Read (System.Text.Json.JsonTokenType tokenType, System.Text.Json.ReadStack& state, System.Text.Json.Utf8JsonReader& reader) <0x2fa1238 + 0x00044> in :0
at System.Text.Json.JsonSerializer.HandleValue (System.Text.Json.JsonTokenType tokenType, System.Text.Json.JsonSerializerOptions options, System.Text.Json.Utf8JsonReader& reader, System.Text.Json.ReadStack& state) <0x2fa0fc8 + 0x000a0> in :0
at System.Text.Json.JsonSerializer.ReadCore (System.Text.Json.JsonSerializerOptions options, System.Text.Json.Utf8JsonReader& reader, System.Text.Json.ReadStack& readStack) <0x2e69f08 + 0x0034c> in :0
at System.Text.Json.JsonSerializer.ReadValueCore (System.Text.Json.JsonSerializerOptions options, System.Text.Json.Utf8JsonReader& reader, System.Text.Json.ReadStack& readStack) <0x2e68d38 + 0x00548> in :0
at System.Text.Json.JsonSerializer.ReadValueCore (System.Text.Json.Utf8JsonReader& reader, System.Type returnType, System.Text.Json.JsonSerializerOptions options) <0x2e61360 + 0x0003e> in :0
at System.Text.Json.JsonSerializer.Deserialize (System.Text.Json.Utf8JsonReader& reader, System.Type returnType, System.Text.Json.JsonSerializerOptions options) <0x2e611c0 + 0x00024> in :0
at Microsoft.JSInterop.JSRuntime.EndInvokeJS (System.Int64 taskId, System.Boolean succeeded, System.Text.Json.Utf8JsonReader& jsonReader) <0x2e50d40 + 0x00050> in :0

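The failure above comes from the `role` claim arriving in two shapes: a JSON array when the user has several roles and a bare JSON string when the user has exactly one, which `string[]` cannot bind to. As an added example that is not the PR's code and not the fix referenced later in this thread, the following `System.Text.Json` converter accepts both shapes (and `null`) and always yields a `string[]`, so a claims factory can emit one role claim per role without ever parsing JSON by hand. The type names `StringOrArrayConverter` and `CustomUserFactory` are assumed; `CustomUserAccount` is the type from the comment above.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Text.Json;
using System.Text.Json.Serialization;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;

// Added example, not the PR's code. Reads a "role" claim that is either a
// single JSON string ("role1") or a JSON array (["role1", "role2"]) into a
// string[]; any other token type is rejected rather than silently coerced.
public class StringOrArrayConverter : JsonConverter<string[]>
{
    public override string[] Read(ref Utf8JsonReader reader, Type typeToConvert,
        JsonSerializerOptions options)
    {
        switch (reader.TokenType)
        {
            case JsonTokenType.String:
                // Single role serialized as a bare string.
                return new[] { reader.GetString() };

            case JsonTokenType.StartArray:
                var roles = new List<string>();
                while (reader.Read() && reader.TokenType != JsonTokenType.EndArray)
                {
                    if (reader.TokenType != JsonTokenType.String)
                    {
                        throw new JsonException("Role array entries must be strings.");
                    }
                    roles.Add(reader.GetString());
                }
                return roles.ToArray();

            case JsonTokenType.Null:
                // No role assigned: bind to an empty array, never null.
                return Array.Empty<string>();

            default:
                throw new JsonException($"Unexpected token {reader.TokenType} for role claim.");
        }
    }

    public override void Write(Utf8JsonWriter writer, string[] value,
        JsonSerializerOptions options)
    {
        writer.WriteStartArray();
        foreach (var role in value) writer.WriteStringValue(role);
        writer.WriteEndArray();
    }
}

public class CustomUserAccount : RemoteUserAccount
{
    [JsonPropertyName("role")]
    [JsonConverter(typeof(StringOrArrayConverter))]
    public string[] Roles { get; set; } = Array.Empty<string>();
}

// Hypothetical factory (name assumed) that adds one role claim per role.
public class CustomUserFactory : AccountClaimsPrincipalFactory<CustomUserAccount>
{
    public CustomUserFactory(IAccessTokenProviderAccessor accessor) : base(accessor) { }

    public override async ValueTask<ClaimsPrincipal> CreateUserAsync(
        CustomUserAccount account, RemoteAuthenticationUserOptions options)
    {
        var user = await base.CreateUserAsync(account, options);

        if (user.Identity.IsAuthenticated)
        {
            var identity = (ClaimsIdentity)user.Identity;
            // Guard against a null array in case the property was assigned
            // directly rather than deserialized.
            foreach (var role in account.Roles ?? Array.Empty<string>())
            {
                identity.AddClaim(new Claim(options.RoleClaim, role));
            }
        }

        return user;
    }
}
```

The factory is registered the same way as any other `AccountClaimsPrincipalFactory<TAccount>` (for example via `AddApiAuthorization<RemoteAuthenticationState, CustomUserAccount>()` followed by `AddAccountClaimsPrincipalFactory<RemoteAuthenticationState, CustomUserAccount, CustomUserFactory>()`); the converter does the shape normalization once at deserialization time, so the factory never has to distinguish the single-role and multi-role cases.
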
@guardrex guardrex requested a review from a team May 12, 2020 21:19
Comment thread aspnetcore/security/blazor/webassembly/hosted-with-identity-server.md Outdated
@guardrex
Collaborator Author

UPDATE ... A Javier fix is on the way. I'll institute it for the PR and then merge this by EOD.

@guardrex
Collaborator Author

FIX IS IN https://github.com/javiercn/BlazorAuthRoles

I'll get this updated and merged shortly.

@guardrex guardrex merged commit 654d371 into master May 18, 2020
@guardrex guardrex deleted the guardrex/blazor-wasm-security branch May 18, 2020 17:04
@scottaddie scottaddie changed the title Name and role for Blazor with Identity Server Add section for name and role claims configuration for Blazor with Identity Server Jun 1, 2020

Development

Successfully merging this pull request may close these issues.

[Blazor][Wasm] Using roles with ApiAuthorization + Blazor Additional Section for Adding Roles, or Policies
