I’m using a rule to add an
email_verified property into the access token. If I add it as a custom claim (e.g.
http://mydomain/email_verified) it works fine, however if I add it just as
email_verified, it gets dropped.
email_verified is an OIDC standard claim (it’s in the list at https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims), I’m wondering why it’s being dropped.
Is it only possible to add custom claims to the access token, not standard claims? Can you only add standard claims to id tokens? Anybody know why this is?