diff --git a/lib/gitlab/ci/jwt_v2.rb b/lib/gitlab/ci/jwt_v2.rb
index 29beba4774a1ce3e8368c340467a9ea2f5e43eee..2c61b0fd23699be153e529d894aef8cb7bfa0a91 100644
--- a/lib/gitlab/ci/jwt_v2.rb
+++ b/lib/gitlab/ci/jwt_v2.rb
@@ -27,11 +27,24 @@ def reserved_claims
         super.merge({
           iss: Settings.gitlab.base_url,
           sub: "project_path:#{project.full_path}:ref_type:#{ref_type}:ref:#{source_ref}",
-          aud: aud,
-          user_identities: user_identities
+          aud: aud
         }.compact)
       end
 
+      def custom_claims
+        additional_custom_claims = {
+          runner_id: runner&.id,
+          runner_environment: runner_environment,
+          sha: pipeline.sha,
+          project_visibility: Gitlab::VisibilityLevel.string_level(project.visibility_level),
+          user_identities: user_identities
+        }.compact
+
+        mapper = ClaimMapper.new(project_config, pipeline)
+
+        super.merge(additional_custom_claims).merge(mapper.to_h)
+      end
+
       def user_identities
         return unless user&.pass_user_identities_to_ci_jwt
 
@@ -43,17 +56,6 @@ def user_identities
         end
       end
 
-      def custom_claims
-        mapper = ClaimMapper.new(project_config, pipeline)
-
-        super.merge({
-          runner_id: runner&.id,
-          runner_environment: runner_environment,
-          sha: pipeline.sha,
-          project_visibility: Gitlab::VisibilityLevel.string_level(project.visibility_level)
-        }).merge(mapper.to_h)
-      end
-
       def project_config
         Gitlab::Ci::ProjectConfig.new(
           project: project,