This is a short reminder post, mostly for my self, since I stumbled across this issue several times. If you are missing all user claims in the id_token, check if the property AlwaysIncludeUserClaimsInIdToken is set to true on the client.