Forwarding OAuth identity

I would like to use HAProxy as a frontend for my application, which doesn’t do any authentication by itself. A user would log into Grafana using OAuth and the Forward OAuth Identity feature should pass on the user’s OAuth to HAProxy.

These are the id_token fields I receive on Grafana from my Ping Identity SSO platform.

  "sub": "myuser",
  "aud": "grafana-oauth2",
  "jti": "xxxxxxxxxxxxxxxxxxxxxx",
  "iss": "",
  "iat": 1606876939,
  "exp": 1606877239,
  "auth_time": 1606876918,
  "firstName": "John",
  "lastName": "Doe",
  "emailAddress": "",
  "firmId": "xxxx",
  "loginType": "100",
  "given_name": "John",
  "family_name": "Doe",
  "uuid": "1234567"

On HAProxy, after decoding the received JWT token using (confirmed with, I get the following fields. At the same time, the signature in the forwarded JWT token doesn’t match its header and payload, and the Lua script throws a "Signature not valid." exception.

Decoded JWT header: { ["pi.atm"] = qoof,["alg"] = RS256,["kid"] = someCert,} 
Decoded JWT payload: { ["exp"] = 1606963038,["username"] = myuser,["scope"] = { [1] = openid,[2] = profile,[3] = email,} ,["accesslevels"] = NO_ACCESS_DATA,["client_id"] = grafana-oauth2,["employeeid"] = 1234567,["sessionId"] = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxx-x,} 

Why are the forwarded fields different between what I received from the SSO platform and what is forwarded from Grafana to HAProxy? How can I forward the original fields from Grafana to HAProxy?
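
To check whether the token reaching HAProxy is the same JWT as the id_token at all, the two can be decoded side by side and their headers and claim sets compared. This is an added example, not part of the original post and not Grafana or HAProxy code; the tokens are constructed from a few of the fields quoted above with a dummy signature, and the id_token's `kid` is a made-up placeholder.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_segment(seg: str) -> dict:
    # JWT segments are base64url without padding; restore it before decoding.
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def inspect_jwt(token: str) -> dict:
    """Decode header and payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    header, claims = decode_segment(parts[0]), decode_segment(parts[1])
    return {"alg": header.get("alg"), "kid": header.get("kid"), "claims": claims}

def compare_tokens(first: str, second: str) -> dict:
    a, b = inspect_jwt(first), inspect_jwt(second)
    ka, kb = set(a["claims"]), set(b["claims"])
    return {
        "identical": first == second,   # byte-for-byte the same JWT?
        "same_kid": a["kid"] == b["kid"],  # signed under the same key id?
        "only_in_first": sorted(ka - kb),
        "only_in_second": sorted(kb - ka),
        "shared": sorted(ka & kb),
    }

def make_sample(header: dict, claims: dict) -> str:
    # Constructed token: real structure, dummy signature segment.
    enc = lambda d: b64url(json.dumps(d).encode())
    return f"{enc(header)}.{enc(claims)}.{b64url(b'not-a-real-signature')}"

# Constructed from the id_token fields in the post; the kid is a placeholder.
ID_TOKEN = make_sample(
    {"alg": "RS256", "kid": "constructed-kid"},
    {"sub": "myuser", "aud": "grafana-oauth2", "exp": 1606877239, "uuid": "1234567"})
# Constructed from the header and payload decoded on HAProxy in the post.
FORWARDED = make_sample(
    {"alg": "RS256", "kid": "someCert", "pi.atm": "qoof"},
    {"exp": 1606963038, "username": "myuser", "client_id": "grafana-oauth2",
     "scope": ["openid", "profile", "email"]})

if __name__ == "__main__":
    print(json.dumps(compare_tokens(ID_TOKEN, FORWARDED), indent=2))
```

Different claim sets and a different `exp` mean the two are separate tokens, so the forwarded one has to be validated against the key its own `kid` names and on its own claims.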