Claim Mapping for OIDC Connections

I have set up an Enterprise connection using OpenID Connect to an Okta server. They have told us that the claims they send during login include a claim that is a collection of strings, but I can’t see this data anywhere in the monitoring logs or user Raw JSON. They are using a back channel (code) so I am not able to see the ID token in my browser. I see reference to claim mapping for OIDC Connections in the documentation but I have no idea if this is what I need or where to even use it. The claim name is also not listed in their Okta server’s discovery document so I don’t know if I can believe they are even sending this claim. Can anyone guide me in the right direction?

You can write a custom Auth0 Rule to map the incoming claim to Auth0 user metadata or user profile fields. Use context.idToken or context.accessToken to modify the user’s tokens after login.

I added a Rule as below:

  function (user, context, callback) {
    // Log the idToken object exposed on the rule context
    console.log("---log incoming claims -idToken", context.idToken);
    return callback(null, user, context);
  }

And after a login, the log shows as below:

  10:50:11 AM:  ---log incoming claims -idToken {}
  10:50:11 AM:  finished webtask request

This appears like the context.idToken is not available then? Any more suggestions for how I could access that information?

I also tried context.accessToken with the same result - i.e. no data. I also tried adding an action to log the event during Login and it showed all the information about the login (e.g. user, request, geoip, tenant, connection, transaction) but no ID Token or claims.