Hi @flarocca welcome back!
Since you mentioned using the Authorization Code Flow, are you using one of our SDK’s and if not can you confirm the steps you took match our recommended implementation as outlined here? I’ve also include a link to our guide on adding User login with Authorization Code Flow here.
Please review those documents, and get back to me where in that process your application seems to be breaking. To your point about scopes, are you adding custom claims that aren’t appearing in your access token, and are you executing this within a rule once the user has logged in?
Thanks for looking over my questions and documentation, hopefully this helps clarify some things.
Best Regards,
Colin