I would like to know if it is possible to return the accessToken in the idToken of a rule.
This would be convenient to be able to fetch the access token from the user profile.
Although I’m not sure if this is secure.
I tried doing
context.idToken['https://app.twikies.com/token'] = context.accessToken;
but when I call the handleProfile function it sends me an empty object on that field 'https://app.twikies.com/token'
I wonder if this is a security measure that the real accessToken isn’t exposed inside the rule