username
isn’t a standard OIDC claim (section 5.1 Final: OpenID Connect Core 1.0 incorporating errata set 1) so I believe it should be added via Rule to the ID token as custom claim.
function (user, context, callback) {
context.idToken['https://mynamespace/username'] = user.username;
callback(null, user, context);
}
Alternatively, set it as preferred_username
in a pre-user-registration hook, which is a standard claim, and request the preferred_username
scope when doing the authorization request.