Adding claims to an Azure B2C token

What are the ways to include user requirements (user subscriptions or a list of roles as an example) in the token before its release in Azure AD B2C, provided that the claims are stored somewhere on your own server (not available in B2C)? The goal is to have claims in the token in order to avoid an additional round trip to the store for each request.

Research on this topic led me to the following paths:

• Add custom attribute via Graph API, configure for inclusion in JWT. Attribute values ​​must be kept in sync with our data warehouse.

• User login policy as in this article https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-rest-api-step-custom , but if I am correct I understand that an additional step 6 is user access to the public API in unlimited form (a request that is not protected by a secret can be used to receive user statements submitted by UserId)?

• IdentityServer4 Federation gateway http://docs.identityserver.io/en/release/topics/federation_gateway.html , which will add any claims before the release.