diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
index fd7fdf511..a0fb4437d 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
@@ -788,6 +788,11 @@ sub maybeJWT {
             $access_token_payload->{sub} = $claims->{sub};
         }
 
+        # Call hook to let the user modify payload
+        my $h = $self->p->processHook( $req, 'oidcGenerateAccessToken',
+            $access_token_payload, $rp );
+        return undef if ( $h != PE_OK );
+
         # Get signature algorithm
         my $alg = $self->conf->{oidcRPMetaDataOptions}->{$rp}
           ->{oidcRPMetaDataOptionsAccessTokenSignAlg} || "RS256";