chore: add custom claims to management token

Adds custom claims to the access and ID tokens for the 
management API. This modification allows the inclusion 
of specific claims in the tokens, improving the 
flexibility and security of the authentication process. 
The claims are added to support better access control 
and user identification.

app.js

@@ -66,24 +66,30 @@ app
 app.post('/oauth/token', async (req, res) => {
   const date = Math.floor(Date.now() / 1000)
   if (req.body.grant_type === 'client_credentials' && req.body.client_id) {
-    const accessToken = await signToken({
-      iss: jwksOrigin,
-      aud: [audience],
-      sub: 'auth0|management',
-      iat: date,
-      exp: date + 7200,
-      azp: req.body.client_id
-    })
+    const claim = {}
+    claim[adminCustomClaim] = true
+    const accessToken = await signToken(
+      addCustomClaims('management@example.org', [claim], {
+        iss: jwksOrigin,
+        aud: [audience],
+        sub: 'auth0|management',
+        iat: date,
+        exp: date + 7200,
+        azp: req.body.client_id
+      })
+    )
 
-    const idToken = await signToken({
-      iss: jwksOrigin,
-      aud: req.body.client_id,
-      sub: 'auth0|management',
-      iat: date,
-      exp: date + 7200,
-      azp: req.body.client_id,
-      name: 'Management API'
-    })
+    const idToken = await signToken(
+      addCustomClaims('management@example.org', [claim], {
+        iss: jwksOrigin,
+        aud: req.body.client_id,
+        sub: 'auth0|management',
+        iat: date,
+        exp: date + 7200,
+        azp: req.body.client_id,
+        name: 'Management API'
+      })
+    )
 
     debug('Signed token for management API')