Custom JWT claims are non-registered public or private claims. Public claims are collision resistant while private are subject to possible collision.
You can:
- Add a user’s email address to an Access Token and use that to uniquely identify the user.
- Add custom information stored in an Auth0 user profile to an ID Token.