The 'OTK Session Tracking' Assertion sets the ${session_output} variable which includes ${client_custom} and ${client_key_custom} obtained from the previous 'OTK Client Authentication' Assertion.
These values then can be retrieved using the 'OTK Require Oauth 2.0 Token' Assertion in your protected APIs
${session.custom} looks something like this.
You can then use 'Evaluate JSON Path Expression' Assertion to get client custom field to perform additional tasks. (for example, in my case I save the client's certificate thumbprint when the client is registered. I then make sure the same client is calling the protected APIs by mandating client certificate in request and checking its thumbprint against that is saved in the token DB. I also use custom_lifetime for client specific token lifetimes)