Hi @JohnWick,
Yes, this is to be expected because the Access Token is generated from the authorization server (from Auth0). Moreover, Access Tokens are immutable, meaning they cannot be changed after it has been created.
The recommended way of appending custom claims to the access token is to use an Auth0 Post Login Action, as you have discovered.
I recommend checking out our Adding custom claims to tokens FAQ to learn more about appending custom claims to tokens.
Please let me know if you have any additional questions.
Thanks,
Rueben