Hey there @smnbnt!
Not sure if I understood you correctly so let me clarify a bit. The claims should be in the JWT token and if you send them to your web app, you should be able to see them.
To give you a wide overview: the end result of an Auth0 authentication will be either an access token, an ID token, or a code.
If you are using a code, you can exchange it for an access/ID token, and then the access token can be exchanged for the user profile.
If you are using an Access Token, you can directly exchange it for the user profile.
If you are using an ID Token, the ID Token will contain information with regards to the requested OIDC scopes when doing the authentication.
All of them will contain some user information, and the idea is that you will only be getting back what you’re requesting in scopes. For a full profile, you request openid email profile; if you just want the email, you request email, and so on.
Now, with tokens, you only get back OIDC standard claims, which means that you get back a set of standard claims that conform to OIDC standards. If you want to get anything else than that in your tokens that is not standard, you would have to create custom claims (https://auth0.com/docs/api-auth/tutorials/adoption/scope-custom-claims#custom-claims)
Rules You can enrich your Access/ID Tokens through a rule, where you can read other profile properties or even app/user metadata.
Hope it helps!
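
The following is an added example, not part of the reply above and not Auth0's code: it decodes the payload of a constructed ID token and sorts its claims by whether the requested OIDC scopes account for them, using the scope-to-claim mapping from OpenID Connect Core section 5.4. The token, the `https://example.com/roles` claim and the function names are assumptions made for illustration, and the signature is not verified, so this is for inspection only.

```javascript
// Added example: constructed token, inspection only (the signature is NOT verified).
// Standard claims released per scope, from OpenID Connect Core section 5.4.
const SCOPE_CLAIMS = {
  profile: ["name", "family_name", "given_name", "middle_name", "nickname",
    "preferred_username", "profile", "picture", "website", "gender",
    "birthdate", "zoneinfo", "locale", "updated_at"],
  email: ["email", "email_verified"],
  address: ["address"],
  phone: ["phone_number", "phone_number_verified"],
};
// Claims that describe the token itself rather than the user profile.
const PROTOCOL_CLAIMS = new Set(["iss", "sub", "aud", "exp", "iat", "nbf",
  "auth_time", "nonce", "acr", "amr", "azp", "at_hash", "c_hash"]);

const toB64Url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Constructed sample ID token; every value is made up for this example.
const SAMPLE_ID_TOKEN = [
  toB64Url({ alg: "RS256", typ: "JWT" }),
  toB64Url({ iss: "https://tenant.example.com/", sub: "auth0|constructed-user",
    aud: "constructed-client-id", exp: 1700003600, iat: 1700000000,
    email: "user@example.com", email_verified: true, name: "Example User",
    "https://example.com/roles": ["editor"] }),
  "constructed-signature",
].join(".");

function decodePayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Sort the token's claims by how the requested scope string accounts for them.
function classifyClaims(jwt, requestedScope) {
  const scopes = requestedScope.split(/\s+/).filter(Boolean);
  const covered = new Set(scopes.flatMap((s) => SCOPE_CLAIMS[s] || []));
  const standard = new Set(Object.values(SCOPE_CLAIMS).flat());
  const out = { protocol: [], covered: [], notRequested: [], custom: [] };
  for (const name of Object.keys(decodePayload(jwt))) {
    if (PROTOCOL_CLAIMS.has(name)) out.protocol.push(name);
    else if (covered.has(name)) out.covered.push(name);
    else if (standard.has(name)) out.notRequested.push(name);
    else out.custom.push(name); // non-standard: added as a custom claim, e.g. by a rule
  }
  return out;
}

console.log(classifyClaims(SAMPLE_ID_TOKEN, "openid email"));
```

A non-empty `notRequested` list means the token carries standard profile data that the requested scopes did not ask for, which is worth checking when reviewing what an application receives.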