[keycloak-user] Authenticated Protocol Mapper?

Hi, I’d like to deploy a custom OIDC Protocol Mapper that is itself a client of Keycloak. Is this possible? The objective is for the mapper to be able to call an API that is protected also by Keycloak. The current approach was for the mapper to use the Client Credentials flow to authenticate, exchange the access token for one for the API client, and use it to call the API. This works OK until I deploy the mapper to Keycloak, where it throws various exceptions and does not seem to attempt the Client Credentials flow. Any guidance, including alternative approaches, would be appreciated! Cheers, Hannah