We are exposing some APIs which are protected by checking for OAuth2 access tokens.
Some clients should access these APIs but apparently their easiest authentication with Azure-AD is using some module based on SAML (the apps are built on Mendix platform).
Is there a way for them to obtain a JWT access token for a user whoch has been authenticated using SAML?