I understand the authorization request must be submitted to the tenant domain. I may have misunderstood when you said:
I interpreted this like “the custom claim will be added to the access token if the value of namespace matches the value of <Domain> (the tenant domain name).” Is that the correct interpretation?
Thank you for your help!