Thanks for your detailed question. To confirm, your application is using OpenId Connect for third party logins and a lambda to reconcile the id_token for the users permissions? Since changing your return type from 'id_token token' to 'id_token' you are no longer getting a 502 from the service provider but the lambda is no longer reconciling?
Just want to confirm that your application settings for JWT:
Access Token signing key -> HS256
Id Token signing key -> OpenID Connect compiant HMAC using SHA-256 (HS256)
You mentioned the response type was originally set to response_type=id_token token for the oauth2/authorize endpoint. What grant type are you using?
The id_token has only been accessible since version 1.31.0 for OpenID Connect Reconcile lambda. Additionally, the id_token is signed by an asymetric key-pair, it will not be availble to the Lambda. Are you able to print the contents of the id_token inside your lambda or any other meaningful errors?
For more meaningful logs with your AKS, I suggest you look into Log Analytics workspace.
Please let us know if you are able to get more meaningful logs from the above.
Are you able to log the properties that are breaking your code such as jwt.dealer_number?
Looking through the release notes, if you are trying to use Graal JS, be aware that ECMA 6 features you can't be used. Nashorn only supports ECMA 5.1.
Please see the release notes for more details and search GraalJS. Please remove any ES6 features and let us know if you are able to reconcile the lambda.
Please see the release notes for more details:
Finally, I would review the console section for lambdas to make sure you are able to access the debug method - please ensure you have enabled debugging in the admin dashboard under Customizations > Lambdas > Your lambda > Debug enabled.
If the above does not resolve your issue, please open a ticket here: