Authentication tokens exist to answer one question: is this caller authorized to do this?
They are not intended to be a stable data interface, a schema you can depend on, or an input into application logic.
If your application decodes tokens and reads claims from them, this is an important heads-up.
Token Claims Were Never Guaranteed
Although tokens may appear readable today, that was never a promise.