# talk-oathkeeper
b
Hello everyone, I'm currently working to generate a custom JWT token when someone is authenticated to the system. I'm using the authenticator `oauth2_client_credentials` that returns an access token, then I would like to use the mutator `id_token` to create a new token based on the information inside the access token. It seems that they are not found since I get empty strings, is it something possible to do? Thanks!
s
Could you share further information regarding how you're implementing the mutation token? We were able to make this work correctly, so maybe we can give you a hand.
b
Yes sorry, here is the rule I am using:

```json
"authenticators": [
  {
    "handler": "oauth2_client_credentials",
    "config": {
      "token_url": "http://URL/oauth2/token"
    }
  }
],
"authorizer": {
  "handler": "allow"
},
"mutators": [
  {
    "handler": "id_token",
    "config": {
      "claims": "{\"aud\":\"{{ print .Extra.aud }}\", \"oid\":\"{{ print .Extra.oid }}\", \"appid\":\"{{ print .Extra.appid}}\"}"
    }
  }
]
```
And here is an example of the content of the access_token I'm receiving from the authenticator (it is a custom token that I'm generating):

```json
{
  "oid": "46da9f76-b62a-46ac-86af-4464086515c4",
  "appid": "46da9f76-b62a-46ac-86af-4464086515c4",
  "exp": 1687258626,
  "iss": "MyIssuer",
  "aud": "MyAudience"
}
```
I'm using the same `id_token` configuration to generate tokens for other rules but using JWT as the authenticator with an access_token coming from the Azure AD and it works fine. I believe that in my case, it is reading the Basic Authorization token in the incoming request and doesn't use the bearer token issued by the authenticator, is it the expected behaviour?