diff --git a/typegate/src/services/auth/mod.ts b/typegate/src/services/auth/mod.ts
index 1e9240e26..5788f6627 100644
--- a/typegate/src/services/auth/mod.ts
+++ b/typegate/src/services/auth/mod.ts
@@ -97,7 +97,7 @@ export async function ensureJWT(
 
   const [context, nextAuth] = await auth.tokenMiddleware(
     token,
-    new URL(request.url),
+    request,
   );
   if (nextAuth !== null) {
     // "" is valid as it signal to remove the token
diff --git a/typegate/src/services/auth/protocols/basic.ts b/typegate/src/services/auth/protocols/basic.ts
index ca70fece2..aad0ec295 100644
--- a/typegate/src/services/auth/protocols/basic.ts
+++ b/typegate/src/services/auth/protocols/basic.ts
@@ -35,7 +35,7 @@ export class BasicAuth extends Protocol {
 
   tokenMiddleware(
     jwt: string,
-    _url: URL,
+    _request: Request,
   ): Promise<[Record<string, unknown>, string | null]> {
     try {
       const [username, token] = b64decode(jwt).split(
diff --git a/typegate/src/services/auth/protocols/internal.ts b/typegate/src/services/auth/protocols/internal.ts
index 0df74806e..90a321f4b 100644
--- a/typegate/src/services/auth/protocols/internal.ts
+++ b/typegate/src/services/auth/protocols/internal.ts
@@ -24,7 +24,7 @@ export class InternalAuth extends Protocol {
 
   async tokenMiddleware(
     token: string,
-    _url: URL,
+    _request: Request,
   ): Promise<[Record<string, unknown>, string | null]> {
     try {
       const claims = await verifyJWT(token);
diff --git a/typegate/src/services/auth/protocols/jwt.ts b/typegate/src/services/auth/protocols/jwt.ts
index 0adcd1bae..9c17a872b 100644
--- a/typegate/src/services/auth/protocols/jwt.ts
+++ b/typegate/src/services/auth/protocols/jwt.ts
@@ -47,7 +47,7 @@ export class JWTAuth extends Protocol {
 
   async tokenMiddleware(
     token: string,
-    _url: URL,
+    _request: Request,
   ): Promise<[Record<string, unknown>, string | null]> {
     try {
       const claims = await jwt.verify(token, this.signKey);
diff --git a/typegate/src/services/auth/protocols/oauth2.ts b/typegate/src/services/auth/protocols/oauth2.ts
index ea34d4bda..880820279 100644
--- a/typegate/src/services/auth/protocols/oauth2.ts
+++ b/typegate/src/services/auth/protocols/oauth2.ts
@@ -55,7 +55,10 @@ class AuthProfiler {
     });
   }
 
-  async transform(profile: any, url: string) {
+  async transform(
+    profile: any,
+    request: Request,
+  ) {
     const { tg, runtimeReferences } = this.authParameters;
     const funcNode = tg.type(this.funcIndex, Type.FUNCTION);
     const mat = tg.materializer(funcNode.materializer);
@@ -63,7 +66,15 @@ class AuthProfiler {
     const validatorInputWeak = generateWeakValidator(tg, funcNode.input);
     const validatorOutput = generateValidator(tg, funcNode.output);
 
-    const input = { ...profile, _: { info: { url } } };
+    const input = {
+      ...profile,
+      _: {
+        info: {
+          url: new URL(request.url),
+          headers: Object.fromEntries(request.headers.entries()),
+        },
+      },
+    };
     validatorInputWeak(input);
 
     // Note: this assumes func is a simple t.func(inp, out, mat)
@@ -154,7 +165,7 @@ export class OAuth2Auth extends Protocol {
             this.typegraphName,
           );
         const tokens = await client.code.getToken(url, { state, codeVerifier });
-        const token = await this.createJWT(tokens);
+        const token = await this.createJWT(tokens, request);
         const headers = await setEncryptedSessionCookie(
           url.hostname,
           this.typegraphName,
@@ -211,8 +222,9 @@ export class OAuth2Auth extends Protocol {
 
   async tokenMiddleware(
     token: string,
-    url: URL,
+    request: Request,
   ): Promise<[Record<string, unknown>, string | null]> {
+    const url = new URL(request.url);
     const typegraphPath = `/${this.typegraphName}`;
     const client = new OAuth2Client({
       ...this.clientData,
@@ -236,7 +248,7 @@ export class OAuth2Auth extends Protocol {
     if (new Date().valueOf() / 1000 > claims.refreshAt) {
       try {
         const newClaims = await client.refreshToken.refresh(refreshToken);
-        const token = await this.createJWT(newClaims);
+        const token = await this.createJWT(newClaims, request);
         return [
           claims,
           token ?? "", // token or clear
@@ -252,6 +264,7 @@ export class OAuth2Auth extends Protocol {
 
   private async getProfile(
     token: Tokens,
+    request: Request,
   ): Promise<null | Record<string, unknown>> {
     if (!this.profileUrl) {
       return null;
@@ -270,7 +283,7 @@ export class OAuth2Auth extends Protocol {
       let profile = await res.json();
 
       if (this.authProfiler) {
-        profile = await this.authProfiler!.transform(profile, url);
+        profile = await this.authProfiler!.transform(profile, request);
       }
 
       return profile;
@@ -279,8 +292,11 @@ export class OAuth2Auth extends Protocol {
     }
   }
 
-  private async createJWT(token: Tokens): Promise<string> {
-    const profile = await this.getProfile(token);
+  private async createJWT(
+    token: Tokens,
+    request: Request,
+  ): Promise<string> {
+    const profile = await this.getProfile(token, request);
     const profileClaims: ProfileClaims = profile
       ? mapKeys(profile, (k) => `profile.${k}`)
       : {};
diff --git a/typegate/src/services/auth/protocols/protocol.ts b/typegate/src/services/auth/protocols/protocol.ts
index 12b5b2f29..0609c7b5e 100644
--- a/typegate/src/services/auth/protocols/protocol.ts
+++ b/typegate/src/services/auth/protocols/protocol.ts
@@ -12,6 +12,6 @@ export abstract class Protocol {
 
   abstract tokenMiddleware(
     token: string,
-    url: URL,
+    request: Request,
   ): Promise<[Record<string, unknown>, string | null]>;
 }