We use the Bearer Token Flow in Google Cloud: Our partners/customers create JWTs, sign them with a private key and then send them to Google. Google returns a JWT that the partners/customers then use to consume our APIs.
We would now like to allow those partners to add a custom claim to the JWT. We just need one more well-defined claim, nothing else. The JWT returned by Google ignores our custom claims; they are simply not part of the final JWT we get.
How to allow partners to set a custom claim when signing their bearer token with Google?
Custom claims cannot be added when requesting Google-issued OAuth Access Tokens.
Custom claims can be added when requesting Google-issued OAuth Identity Tokens.
However, based upon your question, your partner is generating Signed JWTs from service accounts and exchanging the Signed JWT for an Access Token, so the answer is you cannot.
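To check which custom claims survive the exchange described in this answer, the following added example (not part of the original post and not Google's code) decodes the partner-signed assertion and the returned token and lists the custom claims that were dropped. The sample tokens are constructed and unsigned, `partner_tier` is a hypothetical claim name, and the set of claims treated as standard is an assumption of the example.

```python
import base64
import json

# Claims treated as standard for the signed assertion in this example.
STANDARD = {"iss", "sub", "scope", "target_audience", "aud", "exp", "iat"}

def jwt_claims(token):
    """Payload claims of a compact JWT, or None for a non-JWT (opaque) token.
    The signature is not verified; this is for inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(segment))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    return claims if isinstance(claims, dict) else None

def missing_custom_claims(assertion, returned):
    """Custom claims present in the signed assertion but absent from the
    token returned by the exchange."""
    sent = jwt_claims(assertion)
    if sent is None:
        raise ValueError("assertion is not a compact JWT")
    got = jwt_claims(returned) or {}  # opaque token: no readable claims
    return sorted(k for k in sent if k not in STANDARD and k not in got)

def _sample_jwt(claims):
    """Constructed, unsigned sample token (placeholder signature)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

# Constructed sample data; partner_tier is a hypothetical custom claim.
SAMPLE_ASSERTION = _sample_jwt({
    "iss": "partner@example-project.iam.gserviceaccount.com",
    "scope": "https://www.googleapis.com/auth/cloud-platform",
    "aud": "https://oauth2.googleapis.com/token",
    "iat": 1700000000, "exp": 1700003600, "partner_tier": "gold"})
SAMPLE_RETURNED = _sample_jwt({
    "iss": "https://accounts.google.com", "aud": "https://api.example.com",
    "iat": 1700000005, "exp": 1700003605})

if __name__ == "__main__":
    print(missing_custom_claims(SAMPLE_ASSERTION, SAMPLE_RETURNED))
```

Because the payload is decoded without signature verification, use the result only to diagnose the exchange, never to authorize a request.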