Hi I was wondering if others had some input for me on https://issues.jboss.org/browse/KEYCLOAK-4765 ? In my use case, we have parts of our app that already use the query param "access_token". These values are not a RSA signed bearer. I've locally modified the client adapter code to disable checking for this header, per deployment. I'm not sure that's the right approach. Would it make more sense to ignore invalid access_tokens in Keycloak (and make that configurable)? Or other ideas? John