orange-manchester-16482
04/16/2024, 2:25 PM
chilly-king-10285
04/16/2024, 2:25 PM
chilly-king-10285
04/16/2024, 2:25 PM
```typescript
import { Configuration, OAuth2Api } from "@ory/client"

// Admin API client for the Ory Network project, authenticated with an API key
const ory = new OAuth2Api(
  new Configuration({
    basePath: `https://${process.env.ORY_PROJECT_SLUG}.projects.oryapis.com`,
    accessToken: process.env.ORY_API_KEY,
  }),
)

export async function acceptConsent(consentChallenge: string) {
  // Fetch the pending consent request for this challenge
  const { data } = await ory.getOAuth2ConsentRequest({ consentChallenge })

  // Accept the request and attach custom claims to the session
  return await ory
    .acceptOAuth2ConsentRequest({
      consentChallenge: consentChallenge,
      acceptOAuth2ConsentRequest: {
        session: {
          access_token: {
            some_custom_claim: "some_custom_value",
          },
          id_token: {
            id_custom_claim: "some_value",
          },
        },
      },
    })
    .then(({ data }) => data)
}
```
This will result in an access token with the following structure:
```json
{
  "sub": "...",
  // ...
  "ext": {
    "some_custom_claim": "some_custom_value"
  }
  // ...
}
```
If you want `some_custom_claim` to be added to the top level (instead of a nested level) in the access token, you need to modify the `/oauth2/allowed_top_level_claims` configuration:
```bash
ory patch oauth2-config {project.id} \
  --replace "/oauth2/allowed_top_level_claims=[\"some_custom_claim\"]"
```
This will result in an access token with the following structure:
```json
{
  "sub": "...",
  // ...
  "some_custom_claim": "some_custom_value",
  "ext": {
    "some_custom_claim": "some_custom_value"
  }
  // ...
}
```
Please note that required JWT claims can't be overwritten by custom claims. [Source](https://www.ory.sh/docs/oauth2-oidc/jwt-access-token#custom-consent-ui-and-custom-claims-for-jwt-access-token)
orange-manchester-16482
04/16/2024, 2:31 PM