Add value to jwt token in device auth flow using hooks

We currently use the M2M app to authenticate client’s CLI’s. We have several tenants, hence we add a tenant value to our JWT token to use that in our backend. However, we want to allow our clients to sign in with their SSO.
So we are developing a setup in which we use a native app and then utilitze the device code auth flow. The CLI triggers a browser window to open which then enables the user to sign in with their enterprise auth provider using the enterprise connections. So far so good.

Unfortunately, we can’t use the same hook anymore that we used before to add the tenant to our JWT. This is because apparently, the hook is not triggered when retrieving a token using the device code flow.

So the question: How do we add a value to the token in this flow? How can we add an ID to the token that the backend can use to determine which tenant the use is authenticated for?