# Enrich Access and ID Token

div
div
Client SDK
div
Sub-journey
> Allows adding custom data to the OIDC tokens


## Description

This step is used to add information that can be utilized by the relying party as part of the returned access or ID token. These pieces of information can be added as fully customizable key-value pairs, allowing you to gather relevant data about the authentication process.

You can control where enriched claims appear in the token:

- Under a dedicated `custom_claims` object (default), which reduces the risk of collisions with standard JWT claims and provides a stable structure for token consumers.
- At the top level of the token payload, which is useful when migrating from another identity provider (for example, Okta or Auth0) or when downstream services expect claims like `loyalty_tier` or `risk_level` directly at the token root.


## Configuration

div
| Field | Description |
|  --- | --- |
| **Token type** | The token type to be enriched with custom claims (Access token, ID token, or both). |
| **Token enrichment values** | Custom key values that will be used as custom claims in the OIDC access and ID tokens. |
| **Placement** | Where to insert enriched claims in the token payload:- **custom_claims** (default): insert claims under the `custom_claims` object.- **root**: insert claims at the top level of the token payload. |


## Example

Consider a scenario where a retail company wants downstream services to know the user's loyalty tier and risk level calculated during the journey. By including these values as custom claims in the OIDC access and ID tokens, you can securely return additional information to the client application upon journey completion, providing context for authorization and business logic (for example, show premium perks for `loyalty_tier: "gold"` or require step-up actions when `risk_level` is high).

The following example uses `placement: custom_claims` and includes `loyalty_tier: "gold"` and `risk_level: "low"`:


```json
{
  "sub": "123",
  "iss": "https://userid.security",
  "custom_claims": {
    "loyalty_tier": "gold",
    "risk_level": "low"
  }
}
```

- With `placement: root`, claims are added at the token root:



```json
{
  "sub": "123",
  "iss": "https://userid.security",
  "loyalty_tier": "gold",
  "risk_level": "low"
}
```

Note
When using `placement: root`, you must never overwrite [reserved JWT claims](/openapi/id_token_reference#default-claims) such as `iss`, `sub`, `aud`, `iat`, and `exp`.