One more solution can be that you can override the API as you were doing previously, but instead of changing the JWT payload like you were, you can access the ‘req.session’ object after post calling original implantation and then call the updateAccessTokenPayload function in there with what you want to add.