Hello @kvirk welcome to the community!
While not “officially” supported (see this feedback request) - You’re on the right track in terms of what you can achieve with Auth0.
I assume you mean the associated third party app in this case? If so, you might want to look into using an M2M flow action in order to add a custom claim. Taking advantage of app_metadata could work in this use case.
Hope this helps!