Many solutions that provide REST APIs require access to token claims that are not available in the IAM server by default. For the IAM server to be usable in more complex environments, it needs to support custom claims.
These claims can be static, but ideally it should be possible to compute them dynamically based on e.g. response from the LDAP or from the upstream OP. The claims should be available from the token introspection endpoint and in ID tokens. Typical examples are "roles" claim in access tokens and "acr" in ID tokens, but private claims must be supported as well.