Applications may choose to forward the Dex access token to the backend for authentication / authorization. If backend systems integrate with other HSP services they require an IAM accessToken. We should look into adding this token as a claim, perhaps based on a scope