fast-soccer-4548
08/01/2025, 2:51 PM
brief-egg-61061
08/01/2025, 2:51 PM
session.access_token object. For example:

```js
import { Configuration, OAuth2Api } from "@ory/client"

// Admin client for the Ory OAuth2 API; the API key must stay server-side.
const ory = new OAuth2Api(
  new Configuration({
    basePath: `https://${process.env.ORY_PROJECT_SLUG}.projects.oryapis.com`,
    accessToken: process.env.ORY_API_KEY,
  }),
)

// Accept the consent request and attach a custom claim to the access token.
export async function acceptConsent(consentChallenge) {
  return await ory.acceptOAuth2ConsentRequest({
    consentChallenge,
    acceptOAuth2ConsentRequest: {
      session: {
        access_token: {
          user_id: "the-user-identifier", // Add your user identifier here
        },
      },
    },
  })
}
```
This will result in a JWT access token containing your custom claim (e.g., `user_id`). By default, custom claims are nested under the `ext` claim, but you can configure Ory to place them at the top level of the token if needed by updating the `/oauth2/allowed_top_level_claims` configuration. For example:

```sh
ory patch oauth2-config --project <project-id> --workspace <workspace-id> \
  --replace "/oauth2/allowed_top_level_claims=[\"user_id\"]"
```

This ensures the `user_id` appears as a top-level claim in the JWT access token. Note that required JWT claims (such as `sub`) cannot be overwritten by custom claims, but you can add additional identifiers as custom claims as shown above [Custom consent UI and custom claims for (JWT) access token](https://www.ory.sh/docs/oauth2-oidc/jwt-access-token#custom-consent-ui-and-custom-claims-for-jwt-access-token). If you want the `sub` (subject) claim to be a specific identifier (such as an external user ID), you can configure Ory Kratos to use the `external_id` as the source for the `sub` claim in JWTs [External Identifiers](https://www.ory.sh/docs/kratos/manage-identities/external-id).
fast-soccer-4548
08/01/2025, 3:07 PM
fast-soccer-4548
08/01/2025, 3:08 PM
brief-egg-61061
08/01/2025, 3:08 PM
identity.traits.username in your JWT access token, but it requires customization. By default, Ory includes certain claims in the access token, such as `sub` (the identity ID), `client_id`, `scope`, and `aud`. The username is not included by default, except as `ext.username` when using the Resource Owner Password Credentials Grant, where the username used for authentication is added to the `ext` field of the access token [OAuth2 resource owner password credentials grant](https://www.ory.sh/docs/oauth2-oidc/resource-owner-password-grant). For other OAuth2 flows, to include custom claims like `identity.traits.username` in the JWT access token, you need to use a custom consent UI or a webhook to add the claim during the consent acceptance step. You can add any custom claim to the access token by specifying it in the `session.access_token` object when accepting the consent request. For example:

```js
// Same acceptOAuth2ConsentRequest call as in the earlier example, with the
// username placed in session.access_token.
await ory.acceptOAuth2ConsentRequest({
  consentChallenge,
  acceptOAuth2ConsentRequest: {
    session: {
      access_token: {
        username: "the-username-value", // e.g. the identity's traits.username
      },
    },
  },
})
```

This will add the `username` claim to the access token. By default, custom claims are nested under the `ext` field, but you can configure Ory to allow specific claims at the top level using the `/oauth2/allowed_top_level_claims` setting [Custom consent UI and custom claims for (JWT) access token](https://www.ory.sh/docs/oauth2-oidc/jwt-access-token#custom-consent-ui-and-custom-claims-for-jwt-access-token).

In summary:
- Yes, you can include `identity.traits.username` in your JWT access token by customizing the consent acceptance logic.
- You may need to adjust your configuration to have the claim appear at the top level if desired.

If you are using the default Ory Account Experience (AX) consent UI, only a minimal set of claims is mapped by default, and more advanced mapping (such as including arbitrary traits) requires a custom consent UI or webhook [Customize OpenID Connect scope and claims](https://www.ory.sh/docs/oauth2-oidc/openid-connect-claims-scope-custom).