Custom user storage provider - Groups VS Roles


I wanted to ask, if it better to implement returning groups or directly roles in the custom user storage provider.

Groups seems to be pretty straight forward, but require additional step of tighing groups to roles.

The problem with roles I see, that getRoles method consider also the client scope and I would like to avoid to implement that logic myself.