I am already using a client for SPA with a JWT Token which contains the custom claim app_metadata
. Therefore the client must be set to OIDC Conformant: false.
Now I tried to get a native client on iOS working but without success. On the client side I tried to provide the following scope like in my SPA client: "openid offline_access app_metadata"
but the app_metadata is not getting used. When I take a look at the logs is see the following line:
"scope": "openid profile email address phone offline_access",
Why are these scopes working on my SPA client and not my native client? I also tried to change the algorithm from “RS256” to “HS256” to see if I changes work but I still get RS256 tokens. Somehow the settings from the OAuth tab in my native client are not working.