@kelvin.lo when you say you do not get an id_token, what do you get in return? if you are using Authorization Code Grant then you get an Authorization code, which can exchange that for an access_token and id_token (steps here) and you should be able to specify any of the standard claims (openid, profile). Is it possible for you to share your code? It is odd that you would have unexpected behavior using those two claims. Do you have any Rules setup currently? Lastly, any additional scopes/custom claims can be added to the token via a rule and namespaced (example here).