Is the JWT token generated by CF on successful mTLS authentication passed on to the origin?

I’m investigating a way to use mTLS as a way to authenticate machine-to-machine traffic, alternative to using shared secrets

From the documentation I understand that, upon successful mTLS authentication, CF will generate a JWT so that subsequent requests from the same client will be treated as already authed.

Will CF filter out that JWT when calling the origin, or will it passed it on?

If passed on, which information does it contain?

Thank you in advance

Requests passed through Access will come with a JWT that you can verify to ensure they went through Access. This isn’t necessarily the same as the JWT the client is issued. See Validate JWTs · Cloudflare Zero Trust docs for more details about verifying the JWT on the origin and for other ways to ensure traffic only goes through Cloudflare Access.