Yes, it is possible to pass information from the token endpoint using the client credentials flow to the claims customization webhook in Ory. When a client uses the client credentials flow to request a token, Ory will call your registered webhook endpoint with a JSON payload containing information about the OAuth client and the session. This payload includes details such as the client ID, granted scopes, and other relevant request data. You can use this information in your webhook handler to customize the claims in the issued tokens. For example, the webhook payload will include a structure like:

json {   "session": {     "client_id": "app-client",     // ...   },   "request": {     "client_id": "app-client",     "granted_scopes": ["offline", "openid", "hydra.*"],     "grant_types": ["client_credentials"],     // ...   } }

Your webhook can then respond with custom claims to be included in the access token or ID token. This mechanism works for all grant types, including client credentials flow. If you want to modify the claims, your webhook should return a 200 status code with a JSON body specifying the custom claims to be added to the tokens. If you do not want to modify the claims, simply return a 204 status code with an empty body. If you want to deny the token exchange, return a 403 status code [Customizing claims with OAuth2 webhooks](https://www.ory.sh/docs/hydra/guides/claims-at-refresh#responding-to-the-webhook). In summary, the client credentials flow can pass information to the claims customization webhook, and you can use this information to adjust the claims in the tokens as needed.

I'm sorry, but the knowledge sources do not explicitly mention a supported way to pass a custom JSON object as an additional URL-encoded field in the client credentials token endpoint request and have it forwarded to the claims customization webhook. The documented webhook payload for the token endpoint includes standard OAuth2 fields such as

client_id

,

granted_scopes

, and

grant_types

, but there is no reference to arbitrary custom fields from the token request being included in the webhook payload. The only mention of custom data being passed through to webhooks is in the context of identity flows (such as registration), where a

transient_payload

can be used, but this is not described for the OAuth2 token endpoint or client credentials flow [Customizing claims with OAuth2 webhooks](https://www.ory.sh/docs/hydra/guides/claims-at-refresh). If you need to include custom data in the webhook payload for the client credentials flow, you may need to encode that information in a way that is recognized by Ory (for example, as part of the client metadata or scopes), but this approach is not documented in the provided sources. If this is a critical requirement, I recommend reaching out to Ory support or opening a feature request for clarification or enhancement.