Hi @david18,
Welcome to the Community!
Regarding the access_denied error, it’s possible that you need to update the authentication method within your application settings.
For public clients, “None” should be selected for the “Token Endpoint Authentication Method”:
You might also need to select a default directory for your tenant. This setting is located in the top-right dropdown menu. Click Settings and under “API Authorization Settings”, enter “Username-Password-Authentication” for Default Directory.
This topic might be helpful as well:
also can a user access_token contain the “user_metadata”: { “TaxId”:“1234567” }
Yes, you can add user metadata properties to the Access Token or ID Token using Rules. You may want to be careful about adding any sensitive information within a JWT because the payload is base64 encoded and easy to decode.
Here is an example of adding custom claims to an Access Token and an ID Token:
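The caution above about JWT payloads, as an added example that is not part of the original reply and not Auth0's own code: a Rule-shaped function copies only allowlisted `user_metadata` fields into namespaced claims, and `readJwtPayload` shows that any holder of a token can read its claims without a key. The namespace URL, the allowlist, the function names and the sample token are assumptions constructed for illustration.

```javascript
// Added example (not Auth0's code). Auth0 Rules are anonymous functions with
// this (user, context, callback) signature; it is named here so it can be called.
const NAMESPACE = 'https://example.com/';     // assumption: your own claim namespace
const ALLOWED_METADATA = ['plan', 'locale'];  // assumption: fields judged safe to expose

function addMetadataClaims(user, context, callback) {
  const meta = user.user_metadata || {};
  context.idToken = context.idToken || {};
  context.accessToken = context.accessToken || {};
  for (const key of ALLOWED_METADATA) {
    // Copy only allowlisted fields; TaxId and anything else stays server-side.
    if (Object.prototype.hasOwnProperty.call(meta, key)) {
      context.idToken[NAMESPACE + key] = meta[key];
      context.accessToken[NAMESPACE + key] = meta[key];
    }
  }
  callback(null, user, context);
}

// Reads the claims of a compact JWT without any key: the payload is only
// base64url-encoded JSON, so every holder of the token can do the same.
// This does not verify the signature; it only shows what is readable.
function readJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Builds a constructed token (placeholder signature) for the demonstration only.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'c2lnbmF0dXJl'].join('.');
}

// Constructed sample user, using the metadata value from the question.
const sampleUser = { user_metadata: { TaxId: '1234567', plan: 'pro' } };
const sampleContext = {};
addMetadataClaims(sampleUser, sampleContext, () => {});
console.log(sampleContext.accessToken);
// What any client could read if TaxId had been added as a claim:
console.log(readJwtPayload(makeSampleToken({ [NAMESPACE + 'TaxId']: '1234567' })));
```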