We are looking how to add custom claims to an access token after the authentication has completed.
So the scenario would be a user who has registered with our site for one service, then wants to access a different service e.g. they have created an account for X, but when trying to get to Y, they need to provide additional information. e.g. address. In this case we would want to register the authenticated guests address and then update the access token to include the new claim.
How should we go about this? Should we use custom actions to redirect the user to update their details before completing authentication?