Im not really sure if I’m right but the documentation is little bit unclear in my opinion.
Do rules only apply for a connection when a user is authenticated?
“Adding custom claims” seems to require to write a rule. We do not want to add custom claims programmatically on our side.
My question is now: Is the user object simply null when a token is issued to a resource server?
As far as I can see rules will not be applied tokens issued with client_credentials grant type. Is that right? How do we add custom claims then to the access token?
Thanks for you help in advance.