Hi, Do I need to add user metadata by hand to the access token as custom claim?

Hey. Yes, you do.

ok thanks. Is it somehow "bad" practice to use user metadata to store invitation pins? I update_user_metadata(pin, some dict) to store it. I checked the database layout and it should be ok. Also I store "real" user metadata after signup. I somehow want to avoid to need a connection to our project database, because If i can handle anything auth related using supertokens and I can create a service to check the JWT using JWKS and add the custom claims to the request header. Then I should have a loose coupling because the application just uses the header. I guess this should work right?

> Is it somehow "bad" practice to use user metadata to store invitation pins? It's not an issue if you only want to fetch invitation pins based on userIds - since metadata fields are not searchable.

yes thats totally fine for me