Obtaining user app_metadata in the Resource Server using OIDC and OAuth v2.0

I’m struggling to clearly understand the flow of obtaining user app_metadata after an authenticated user sends a request to my Resource Server with an Access Token.

I’ve seen previous answers on Stack Overflow, but they didn’t clarify things enough.

For example, the information I need to obtain is the user’s organizationId (234) and organizationRole (POWER_USER).

Can this information be loaded on the Access-Token? If not, does this mean that my Resource Server has to call the authorization server (Auth0) each time to check these parameters? Because I see that the ID token isn’t being sent with the request.

Is this the best practice? Doesn’t it bring a latency toll to call the Authorization Server to check these details on each request?