I have an application where users can have different roles within various companies. To manage this, I use post-login actions to redirect users to a page where they can choose a company (filtered based on user). Once a user selects a company, I enrich their token with a custom claim (roles), which works perfectly.
However, I encounter an issue when the token is refreshed: my custom claim (role for selected company during) no longer appears in the access token.