@stephan I have an idea, but not 100% sure it would work. It still involves using a lambda but you would not need to use the HTTP Connect function of the lambda to call the API so I think it will still work in that respect. Maybe this will help you come up with an even better idea. Here is the gist.
User logs in and is Authenticated
On your application server, use the FusionAuth APIs to push the user IP address to the user.data in FusionAuth
Create a Populate JWT lambda that pulls in the user data, specifically the ip address
refresh the token
once the token is refreshed test for the IP address
The part I am not 100% sure on is if the refresh token will add the new Data. I think it will, but you will have to test it out.
Also, I think I may have read your initial question wrong, I am not super clear on the "JWT token comes from the IP that it was issued to". Do you mean you need the users IP or the IP of the machine that issues the JWT (FusionAuth server)? My assumption was the users IP.
If it is the FusionAuth server, you could do something like create a little service that pings the FusionAuth server address and updates all the users user.data with the address and then create the JWT Populate lambda to pull that info.
Also, if you need the address of the FusionAuth server and it does not change, you could just hard code that into the JWT Populate lambda. Of course, if the IP address every changes, your users will see the wrong address until you update.
In any case here are some links on how to populate user data in with the JWT Populate lambda.
https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate
https://fusionauth.io/blog/sharing-custom-oauth-claims-with-a-asp-netcore-app
I don't think any of these are great solutions, but may provide a workaround for what you need.
Please let me know if this helps.