Question: Dynamic Providers... Custom claim transformation via ClaimActions are not being applied

[omon77]

Which version of Duende IdentityServer are you using?
v7.0.7
Which version of .NET are you using?
.NET8

Question
As a follow-up on #1381...
Using Dynamic Providers, having configured a custom OidcConfigureOptions that derives from ConfigureAuthenticationOptions<OpenIdConnectOptions, OidcProvider>, I am not getting claims configured with ClaimActions.Map*JsonKey(...)
I see them in the id_token received from external provider, but the mapping doesn't occur...

Tried with ClaimActions.MapAll() as well as without it, as well as MapInboundClaims = false (as well as true)...

I am missing something, just not sure what...

Additional context
We are an Enterprise license customer.

I sent additional information via email.

[AndersAbel]

What upstream provider are you using? From the email it looks like the claims you need are in the id_token, but not in the user info response. Duende IdentityServer in a default configuration would not behave that way, but I think Microsoft's providers do put more information in the id_token and not very much in the user info response.

[omon77]

In this particular scenario, we're using Microsoft Entra (former Azure Active Directory).

Is there a recommend/prescribed way to handle this aside from identifying specific external schemes and manually transforming the upstream id_token?