I understand that you have added custom claims to an access token but were not able to see them in the token.
After looking closely at the code snippet you shared, I noticed that you are calling the /userinfo endpoint with the token you obtained from the login flow. In this situation, the audience parameter was never passed in the login request, which results in opaque access tokens.
These tokens do not contain custom claims.
To get the custom claims, you must specify an API identifier in the login request as your audience query parameter.
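To make the reply above concrete, here is an added example (not part of the original post, and not the poster's or the vendor's code) that builds the login request with and without `audience` and checks whether a returned access token is opaque or a JWT carrying extra claims. The domain, client ID, API identifier, claim name and both sample tokens are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode

# Claims usually present in a JWT access token; anything else is reported as custom.
STANDARD = {"iss", "sub", "aud", "exp", "nbf", "iat", "jti", "azp", "scope"}

def authorize_url(domain, client_id, redirect_uri, audience=None):
    # Login request; `audience` is the API identifier the reply refers to.
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": "openid profile"}
    if audience:  # omitted -> the access token comes back opaque
        params["audience"] = audience
    return f"https://{domain}/authorize?{urlencode(params)}"

def _segment(seg):
    # Decode one base64url JWT segment to a dict, or None if it is not JSON.
    try:
        obj = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return obj if isinstance(obj, dict) else None

def inspect_access_token(token):
    # Inspection only: the signature is NOT verified, so never authorize on this.
    parts = token.split(".")
    header = _segment(parts[0]) if len(parts) == 3 else None
    payload = _segment(parts[1]) if header is not None else None
    if payload is None:
        return {"format": "opaque", "audience": None, "custom_claims": {}}
    custom = {k: v for k, v in payload.items() if k not in STANDARD}
    return {"format": "jwt", "audience": payload.get("aud"), "custom_claims": custom}

def _fake_jwt(payload):
    # Constructed, unsigned sample token for the demo below.
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(payload)}.c2ln"

OPAQUE_SAMPLE = "kZ3vQ9xT1mYb7LrWcA0eHd5uJpNs2GfI"  # constructed
JWT_SAMPLE = _fake_jwt({"iss": "https://tenant.example/", "sub": "user-1",
                        "aud": "https://api.example/",
                        "https://app.example/plan": "gold"})  # constructed

if __name__ == "__main__":
    print(authorize_url("tenant.example", "CLIENT_ID", "https://app.example/cb"))
    print(authorize_url("tenant.example", "CLIENT_ID", "https://app.example/cb",
                        audience="https://api.example/"))
    for tok in (OPAQUE_SAMPLE, JWT_SAMPLE):
        print(inspect_access_token(tok))
```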
I see, thanks for the speedy reply! From the docs it seems like the audience would be for an API we’ve built but that the audience for userinfo always results in an opaque token.
If we don’t have a custom API I’m trying to access and I just want to access the app_metadata for a user, is it better to add it to the idToken since that’s already in JWT format (i.e. once we have the token we can access it without any additional API calls)?