When I use the authorization code flow. The returned identity token does not include the requested custom scopes. These scopes are configured for both the api and the user. When using the implicit flow the scopes are included in the returned token.
Does the authorization code flow behave differently in this regard ?
Or perhaps there some error in configuration ?
Any help would be appreciated.