Access OAuth2 client config in OIDC claim script

I am playing with the AM module and would like to add a new claim to the id token. This new claim needs to be encrypted with secret configured against the OAuth2Client. Is clientProperties[‘customProperties’] in the custom OIDC claim script the only way around this?

imho the entire ID Token should be encrypted, instead of a single attribute within.
Custom properties are not designed to carry secrets.
https://backstage.forgerock.com/docs/am/7.2/oidc1-guide/encrypting-oidc-idtokens.html

Thanks for the reply. The reason we need custom claim is since pairwise sub claim does not work well with CIBA flow.
Ex: Generate id token with pairwise sub claim, and if that token is used as id_token_hint for the /bc-authorize , it does not work. Reckon I have created a seperate thread for that.