2 files changed, 12 insertions, 3 deletions

diff --git a/gn_auth/auth/authorisation/users/masquerade/models.py b/gn_auth/auth/authorisation/users/masquerade/models.py
index ae2abad..a55e462 100644
--- a/gn_auth/auth/authorisation/users/masquerade/models.py
+++ b/gn_auth/auth/authorisation/users/masquerade/models.py
@@ -1,13 +1,16 @@
 """Functions for handling masquerade."""
-from uuid import uuid4
+import uuid
 from functools import wraps
 from datetime import datetime
+from authlib.jose import jwt
 
 from flask import current_app as app
 
 
 from gn_auth.auth.errors import ForbiddenAccess
 
+from gn_auth.auth.jwks import newest_jwk_with_rotation, jwks_directory
+
 from ...roles.models import user_roles
 from ....db import sqlite3 as db
 from ....authentication.users import User
@@ -55,8 +58,14 @@ def masquerade_as(
         user=masqueradee,
         expires_in=__FIVE_HOURS__,
         include_refresh_token=True)
+
+    _jwt = jwt.decode(
+        original_token.access_token,
+        newest_jwk_with_rotation(
+            jwks_directory(app),
+            int(app.config["JWKS_ROTATION_AGE_DAYS"])))
     new_token = OAuth2Token(
-        token_id=uuid4(),
+        token_id=uuid.UUID(_jwt["jti"]),
         client=original_token.client,
         token_type=token_details["token_type"],
         access_token=token_details["access_token"],
diff --git a/gn_auth/auth/authorisation/users/masquerade/views.py b/gn_auth/auth/authorisation/users/masquerade/views.py
index 71cf98d..68f19ee 100644
--- a/gn_auth/auth/authorisation/users/masquerade/views.py
+++ b/gn_auth/auth/authorisation/users/masquerade/views.py
@@ -33,7 +33,7 @@ def masquerade() -> Response:
             return new_token
         def __dump_token__(tok):
             return {
-                key: value for key, value in tok.items()
+                key: value for key, value in asdict(tok).items()
                 if key in ("access_token", "refresh_token", "expires_in",
                            "token_type")
             }