Well, I found the solution...
It's in fact simple
var identityBuilder = services.AddIdentityServer();
identityBuilder
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>(options =>
{
options.IdentityResources["openid"].UserClaims.Add("role"); // Roles
options.ApiResources.Single().UserClaims.Add("role");
options.IdentityResources["openid"].UserClaims.Add("custom_claim"); // Custom Claim
options.ApiResources.Single().UserClaims.Add("custom_claim");
options.IdentityResources["openid"].UserClaims.Add("custom_claim2"); // Custom Claim
options.ApiResources.Single().UserClaims.Add("custom_claim2");
options.IdentityResources["openid"].UserClaims.Add("Application.Permission"); // Custom Claim
options.ApiResources.Single().UserClaims.Add("Application.Permission");
});
var key = new RsaSecurityKey(RSA.Create(2048))
{
KeyId = Guid.NewGuid().ToString()
};
identityBuilder.AddSigningCredential(new SigningCredentials(key, SecurityAlgorithms.RsaSsaPssSha256));