I have an internal app that allows users to sign in using Azure AD. On authentication, a SAML assertion is returned. However, some of the calls that the application makes require a JWT. WHat is the best way for me to get a JWT when a user signs in? Or is there a way for me to exchange the SAML for a JWT?