I’m using this in Airflow (fab oidc). From what I can tell, if the claim is not present in the token, it will try to get the info from /userinfo endpoint.
But apart from the app, I also tried this in the Okta admin portal.
I got the token there for the same user and authorization server and it was missing the above claims.
Not sure what I’m missing here.