diff --git a/vault/token_store.go b/vault/token_store.go
index 1e783d72d298..1cf38d7c513f 100644
--- a/vault/token_store.go
+++ b/vault/token_store.go
@@ -2117,7 +2117,7 @@ func (ts *TokenStore) handleCreateCommon(ctx context.Context, req *logical.Reque
 		NumUses         int    `mapstructure:"num_uses"`
 		Period          string
 		Type            string `mapstructure:"type"`
-		EntityAlias     string
+		EntityAlias     string `mapstructure:"entity_alias"`
 	}
 	if err := mapstructure.WeakDecode(req.Data, &data); err != nil {
 		return logical.ErrorResponse(fmt.Sprintf(
@@ -2223,13 +2223,13 @@ func (ts *TokenStore) handleCreateCommon(ctx context.Context, req *logical.Reque
 		}
 
 		// Get mount accessor which is required to lookup entity alias
-		mountValidationResp := ts.core.router.validateMountByAccessor("auth_token_")
+		mountValidationResp := ts.core.router.MatchingMountByAccessor(req.MountAccessor)
 		if mountValidationResp == nil {
 			return logical.ErrorResponse("auth token mount accessor not found"), nil
 		}
 
 		// Verify that the alias exist
-		aliasByFactors, err := ts.core.identityStore.MemDBAliasByFactors(mountValidationResp.MountAccessor, data.EntityAlias, false, false)
+		aliasByFactors, err := ts.core.identityStore.MemDBAliasByFactors(mountValidationResp.Accessor, data.EntityAlias, false, false)
 		if err != nil {
 			return logical.ErrorResponse(err.Error()), nil
 		}
@@ -2239,8 +2239,8 @@ func (ts *TokenStore) handleCreateCommon(ctx context.Context, req *logical.Reque
 			// Entity alias does not exist. Create a new entity and entity alias
 			newAlias := &logical.Alias{
 				Name: data.EntityAlias,
-				MountAccessor: mountValidationResp.MountAccessor,
-				MountType: mountValidationResp.MountType,
+				MountAccessor: mountValidationResp.Accessor,
+				MountType: mountValidationResp.Type,
 			}
 
 			newEntity, err := ts.core.identityStore.CreateOrFetchEntity(ctx, newAlias)
diff --git a/vault/token_store_test.go b/vault/token_store_test.go
index 6476254c0631..6512d4eb1e90 100644
--- a/vault/token_store_test.go
+++ b/vault/token_store_test.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"github.com/mitchellh/mapstructure"
 	"path"
 	"reflect"
 	"sort"
@@ -2657,13 +2658,14 @@ func TestTokenStore_HandleRequest_CreateToken_ExistingEntityAlias(t *testing.T)
 
 	// Create token role
 	resp, err = core.HandleRequest(ctx, &logical.Request{
-		Path:      "auth/token/roles/" + testRoleName,
-		Operation: logical.CreateOperation,
+		Path:        "auth/token/roles/" + testRoleName,
+		ClientToken: root,
+		Operation:   logical.CreateOperation,
 		Data: map[string]interface{}{
-			"orphan":      true,
-			"period":      "72h",
-			"path_suffix": "happenin",
-			"bound_cidrs": []string{"0.0.0.0/0"},
+			"orphan":                 true,
+			"period":                 "72h",
+			"path_suffix":            "happenin",
+			"bound_cidrs":            []string{"0.0.0.0/0"},
 			"allowed_entity_aliases": []string{"test1", "test2", entityAliasName},
 		},
 	})
@@ -2672,11 +2674,10 @@ func TestTokenStore_HandleRequest_CreateToken_ExistingEntityAlias(t *testing.T)
 	}
 
 	resp, err = core.HandleRequest(ctx, &logical.Request{
-		Path:        "auth/token/create",
+		Path:        "auth/token/create/" + testRoleName,
 		Operation:   logical.UpdateOperation,
 		ClientToken: root,
 		Data: map[string]interface{}{
-			"role_name":    testRoleName,
 			"entity_alias": entityAliasName,
 		},
 	})
@@ -2710,12 +2711,13 @@ func TestTokenStore_HandleRequest_CreateToken_NonExistingEntityAlias(t *testing.
 
 	// Create token role
 	resp, err := core.HandleRequest(ctx, &logical.Request{
-		Path:      "auth/token/roles/" + testRoleName,
-		Operation: logical.CreateOperation,
+		Path:        "auth/token/roles/" + testRoleName,
+		ClientToken: root,
+		Operation:   logical.CreateOperation,
 		Data: map[string]interface{}{
-			"period":      "72h",
-			"path_suffix": "happenin",
-			"bound_cidrs": []string{"0.0.0.0/0"},
+			"period":                 "72h",
+			"path_suffix":            "happenin",
+			"bound_cidrs":            []string{"0.0.0.0/0"},
 			"allowed_entity_aliases": []string{"test1", "test2"},
 		},
 	})
@@ -2725,11 +2727,10 @@ func TestTokenStore_HandleRequest_CreateToken_NonExistingEntityAlias(t *testing.
 
 	// Create token with non existing entity alias
 	resp, err = core.HandleRequest(ctx, &logical.Request{
-		Path:        "auth/token/create",
+		Path:        "auth/token/create/" + testRoleName,
 		Operation:   logical.UpdateOperation,
 		ClientToken: root,
 		Data: map[string]interface{}{
-			"role_name":    testRoleName,
 			"entity_alias": entityAliasName,
 		},
 	})
@@ -2750,15 +2751,16 @@ func TestTokenStore_HandleRequest_CreateToken_NonExistingEntityAlias(t *testing.
 	}
 
 	// Get the attached alias information
-	aliases, ok := resp.Data["aliases"].([]identity.Alias)
-	if !ok {
-		t.Fatalf("failed to parse attached aliases. Resp: %#v", resp.Data)
-	}
+	aliases := resp.Data["aliases"].([]interface{})
 	if len(aliases) != 1 {
-		t.Fatalf("expected one attached alias but got %d", len(aliases))
+		t.Fatalf("expected only one alias but got %d; Aliases: %#v", len(aliases), aliases)
 	}
-	if aliases[0].Name != entityAliasName {
-		t.Fatalf("alias name should be '%s' but is '%s'", entityAliasName, aliases[0].Name)
+	alias := &identity.Alias{}
+	mapstructure.Decode(aliases[0], alias)
+
+	// Validate
+	if alias.Name != entityAliasName {
+		t.Fatalf("alias name should be '%s' but is '%s'", entityAliasName, alias.Name)
 	}
 }
 
@@ -2785,7 +2787,7 @@ func TestTokenStore_HandleRequest_CreateToken_NotAllowedEntityAlias(t *testing.T
 	entityID := resp.Data["id"].(string)
 
 	// Find mount accessor
-	resp, err = core.systemBackend.HandleRequest(namespace.RootContext(nil), &logical.Request{
+	resp, err = core.systemBackend.HandleRequest(ctx, &logical.Request{
 		Path:      "auth",
 		Operation: logical.ReadOperation,
 	})
@@ -2807,10 +2809,11 @@ func TestTokenStore_HandleRequest_CreateToken_NotAllowedEntityAlias(t *testing.T
 
 	// Create token role
 	resp, err = core.HandleRequest(ctx, &logical.Request{
-		Path:      "auth/token/roles/" + testRoleName,
-		Operation: logical.CreateOperation,
+		Path:        "auth/token/roles/" + testRoleName,
+		ClientToken: root,
+		Operation:   logical.CreateOperation,
 		Data: map[string]interface{}{
-			"period": "72h",
+			"period":                 "72h",
 			"allowed_entity_aliases": []string{"test1", "test2", "testentityaliasn"},
 		},
 	})
@@ -2819,7 +2822,7 @@ func TestTokenStore_HandleRequest_CreateToken_NotAllowedEntityAlias(t *testing.T
 	}
 
 	resp, _ = core.HandleRequest(ctx, &logical.Request{
-		Path:        "auth/token/create",
+		Path:        "auth/token/create/" + testRoleName,
 		Operation:   logical.UpdateOperation,
 		ClientToken: root,
 		Data: map[string]interface{}{