Hi,
We are using Auth0 JWT-based access_tokens to call our microservices. Now we want to include some additional info in them.
```json
[
  {
    "profile_type": "ArtistProfile",
    "profile_name": "my artist view",
    "profile_id": 1346777,
    "roles": [ "analytics" ]
  },
  {
    "profile_type": "LabelProfile",
    "profile_name": "my company wide view",
    "profile_id": 6918,
    "roles": [ "analytics", "catalog", "accounting" ]
  }
]
```
These are user profiles / personas.
Question: Is it OK to send the below profile info in the access_token as Auth0 custom claims? We will be sending this token to our microservices. Does this violate any security standards, as the doc says to keep the access token free of user info and put it in the id_token?
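
Added example, not part of the original post: one way a receiving microservice could authorize a request from a profile list shaped like the one above, dropping malformed entries so a bad claim never widens access. It assumes the token's signature, issuer, audience and expiry were already verified by a JWT library; the claim name `https://example.com/profiles` and the function names are hypothetical.

```javascript
// Added example: service-side authorization from the post's profile claim.
// Assumes `payload` is the access token payload AFTER signature, issuer,
// audience and expiry checks by a JWT library (not shown here).
// CLAIM is a hypothetical namespaced claim name, not taken from the post.
const CLAIM = "https://example.com/profiles";
const KNOWN_TYPES = new Set(["ArtistProfile", "LabelProfile"]);

// Return only well-formed profile entries; anything malformed is dropped
// so a bad claim can never widen access (fail closed).
function parseProfiles(payload) {
  const raw = payload && payload[CLAIM];
  if (!Array.isArray(raw)) return [];
  return raw.filter((p) =>
    p !== null && typeof p === "object" &&
    KNOWN_TYPES.has(p.profile_type) &&
    Number.isInteger(p.profile_id) &&
    Array.isArray(p.roles) &&
    p.roles.every((r) => typeof r === "string"));
}

// True only if the token carries the requested profile with the needed role.
function isAllowed(payload, profileType, profileId, role) {
  return parseProfiles(payload).some((p) =>
    p.profile_type === profileType &&
    p.profile_id === profileId &&
    p.roles.includes(role));
}

// Constructed sample payload using the profile list from the post.
const samplePayload = {
  sub: "auth0|constructed-user",
  [CLAIM]: [
    { profile_type: "ArtistProfile", profile_name: "my artist view",
      profile_id: 1346777, roles: ["analytics"] },
    { profile_type: "LabelProfile", profile_name: "my company wide view",
      profile_id: 6918, roles: ["analytics", "catalog", "accounting"] },
  ],
};

console.log(isAllowed(samplePayload, "LabelProfile", 6918, "accounting"));
console.log(isAllowed(samplePayload, "ArtistProfile", 1346777, "accounting"));
```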