Comment 2 for bug 1833311

After some additional testing it looks like this is only the case when using jws tokens, fernet tokens are not affected.

The negative consequence is that the SSO callback endpoint has to perform additional parsing to get the actual token value.