Check these:
First, make sure you're adding the authorization roles through the App's settings in the workspace where Genie will actually use it, not just where you developed it. The roles need to be set in the target workspace.
Second, try refreshing the app after adding the roles. Sometimes there's a delay in the UI updating, but the roles might actually be saved even if they don't appear immediately.
If the roles still won't stick, you might need to redeploy the app entirely. I've seen cases where the authorization configuration gets locked during deployment and won't update until you do a fresh deploy.
Also double-check that your app's authentication endpoint is responding correctly to Genie's auth requests. You can test this by hitting your app's auth endpoint directly to see if it's working as expected.
The MCP connection in Genie is pretty sensitive to auth issues, so if the "On Behalf of User" roles aren't properly configured, it'll just fail silently without much helpful error messaging.
