Our team heavily uses organizations as Business Users and we also embed custom claims into our access token to provide more context for each user (including RBAC permissions and then a named role). When using the management API to generate a token, these custom claims are not injected into the access token. Further, we cannot authenticate to our application using client credentials / password due to the restrictions on Business Users organizations.
We want to run a test suite in CI/CD which involves creating an organization, authenticating as a user, receiving an access token and running the whole suite, which seems impossible with the current implementation. What are we missing or how could we make this work?