diff --git a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/oid4vci/controller/CredentialIssuerController.scala b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/oid4vci/controller/CredentialIssuerController.scala
index e11b8e3083..ca1811859f 100644
--- a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/oid4vci/controller/CredentialIssuerController.scala
+++ b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/oid4vci/controller/CredentialIssuerController.scala
@@ -261,12 +261,17 @@ case class CredentialIssuerControllerImpl(
   ): ZIO[WalletAccessContext, ErrorResponse, CredentialIssuer] =
     for {
       maybeAuthServerUrl <- ZIO
-        .succeed(request.authorizationServer)
+        .succeed(request.authorizationServer.flatMap(_.url))
         .flatMap {
           case Some(url) => parseURL(url).asSome
           case None      => ZIO.none
         }
-      issuer <- issuerMetadataService.updateCredentialIssuer(issuerId, maybeAuthServerUrl)
+      issuer <- issuerMetadataService.updateCredentialIssuer(
+        issuerId,
+        maybeAuthServerUrl,
+        request.authorizationServer.flatMap(_.clientId),
+        request.authorizationServer.flatMap(_.clientSecret)
+      )
     } yield issuer: CredentialIssuer
 
   override def deleteCredentialIssuer(
diff --git a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/oid4vci/http/CredentialIssuer.scala b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/oid4vci/http/CredentialIssuer.scala
index c6224f27e7..f5cdf6f3e5 100644
--- a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/oid4vci/http/CredentialIssuer.scala
+++ b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/oid4vci/http/CredentialIssuer.scala
@@ -25,9 +25,17 @@ object AuthorizationServer {
   given decoder: JsonDecoder[AuthorizationServer] = DeriveJsonDecoder.gen
 }
 
-case class CredentialIssuer(id: UUID, authorizationServer: String)
+case class CredentialIssuer(id: UUID, authorizationServerUrl: String)
 
-case class PatchCredentialIssuerRequest(authorizationServer: Option[String] = None)
+case class PatchAuthorizationServer(url: Option[String], clientId: Option[String], clientSecret: Option[String])
+
+object PatchAuthorizationServer {
+  given schema: Schema[PatchAuthorizationServer] = Schema.derived
+  given encoder: JsonEncoder[PatchAuthorizationServer] = DeriveJsonEncoder.gen
+  given decoder: JsonDecoder[PatchAuthorizationServer] = DeriveJsonDecoder.gen
+}
+
+case class PatchCredentialIssuerRequest(authorizationServer: Option[PatchAuthorizationServer] = None)
 
 object PatchCredentialIssuerRequest {
   given schema: Schema[PatchCredentialIssuerRequest] = Schema.derived
diff --git a/pollux/core/src/main/scala/org/hyperledger/identus/pollux/core/repository/OID4VCIIssuerMetadataRepository.scala b/pollux/core/src/main/scala/org/hyperledger/identus/pollux/core/repository/OID4VCIIssuerMetadataRepository.scala
index 2c072fdcf9..a74d6641a7 100644
--- a/pollux/core/src/main/scala/org/hyperledger/identus/pollux/core/repository/OID4VCIIssuerMetadataRepository.scala
+++ b/pollux/core/src/main/scala/org/hyperledger/identus/pollux/core/repository/OID4VCIIssuerMetadataRepository.scala
@@ -11,7 +11,12 @@ trait OID4VCIIssuerMetadataRepository {
   def findIssuerById(issuerId: UUID): UIO[Option[CredentialIssuer]]
   def createIssuer(issuer: CredentialIssuer): URIO[WalletAccessContext, Unit]
   def findWalletIssuers: URIO[WalletAccessContext, Seq[CredentialIssuer]]
-  def updateIssuer(issuerId: UUID, authorizationServer: Option[URL] = None): URIO[WalletAccessContext, Unit]
+  def updateIssuer(
+      issuerId: UUID,
+      authorizationServer: Option[URL] = None,
+      authorizationServerClientId: Option[String] = None,
+      authorizationServerClientSecret: Option[String] = None
+  ): URIO[WalletAccessContext, Unit]
   def deleteIssuer(issuerId: UUID): URIO[WalletAccessContext, Unit]
   def createCredentialConfiguration(issuerId: UUID, config: CredentialConfiguration): URIO[WalletAccessContext, Unit]
   def findCredentialConfigurationsByIssuer(issuerId: UUID): UIO[Seq[CredentialConfiguration]]
diff --git a/pollux/core/src/main/scala/org/hyperledger/identus/pollux/core/service/OID4VCIIssuerMetadataService.scala b/pollux/core/src/main/scala/org/hyperledger/identus/pollux/core/service/OID4VCIIssuerMetadataService.scala
index 252c15669b..b563d8676e 100644
--- a/pollux/core/src/main/scala/org/hyperledger/identus/pollux/core/service/OID4VCIIssuerMetadataService.scala
+++ b/pollux/core/src/main/scala/org/hyperledger/identus/pollux/core/service/OID4VCIIssuerMetadataService.scala
@@ -61,7 +61,9 @@ trait OID4VCIIssuerMetadataService {
   def getCredentialIssuers: URIO[WalletAccessContext, Seq[CredentialIssuer]]
   def updateCredentialIssuer(
       issuerId: UUID,
-      authorizationServer: Option[URL] = None
+      authorizationServer: Option[URL] = None,
+      authorizationServerClientId: Option[String] = None,
+      authorizationServerClientSecret: Option[String] = None
   ): ZIO[WalletAccessContext, IssuerIdNotFound, CredentialIssuer]
   def deleteCredentialIssuer(issuerId: UUID): ZIO[WalletAccessContext, IssuerIdNotFound, Unit]
   def createCredentialConfiguration(
@@ -99,11 +101,18 @@ class OID4VCIIssuerMetadataServiceImpl(repository: OID4VCIIssuerMetadataReposito
 
   override def updateCredentialIssuer(
       issuerId: UUID,
-      authorizationServer: Option[URL]
+      authorizationServer: Option[URL],
+      authorizationServerClientId: Option[String],
+      authorizationServerClientSecret: Option[String]
   ): ZIO[WalletAccessContext, IssuerIdNotFound, CredentialIssuer] =
     for {
       _ <- repository
-        .updateIssuer(issuerId, authorizationServer = authorizationServer)
+        .updateIssuer(
+          issuerId = issuerId,
+          authorizationServer = authorizationServer,
+          authorizationServerClientId = authorizationServerClientId,
+          authorizationServerClientSecret = authorizationServerClientSecret
+        )
         .catchSomeDefect { case _: UnexpectedAffectedRow =>
           ZIO.fail(IssuerIdNotFound(issuerId))
         }
diff --git a/pollux/sql-doobie/src/main/scala/org/hyperledger/identus/pollux/sql/repository/JdbcOID4VCIIssuerMetadataRepository.scala b/pollux/sql-doobie/src/main/scala/org/hyperledger/identus/pollux/sql/repository/JdbcOID4VCIIssuerMetadataRepository.scala
index c095a99bd8..b43fe8f70e 100644
--- a/pollux/sql-doobie/src/main/scala/org/hyperledger/identus/pollux/sql/repository/JdbcOID4VCIIssuerMetadataRepository.scala
+++ b/pollux/sql-doobie/src/main/scala/org/hyperledger/identus/pollux/sql/repository/JdbcOID4VCIIssuerMetadataRepository.scala
@@ -86,12 +86,18 @@ class JdbcOID4VCIIssuerMetadataRepository(xa: Transactor[ContextAwareTask], xb:
 
   override def updateIssuer(
       issuerId: UUID,
-      authorizationServer: Option[URL]
+      authorizationServer: Option[URL],
+      authorizationServerClientId: Option[String],
+      authorizationServerClientSecret: Option[String]
   ): URIO[WalletAccessContext, Unit] = {
     val setFr = (now: Instant) =>
       Fragments.set(
         fr"updated_at = $now",
-        (Seq(authorizationServer.map(url => fr"authorization_server = $url")).flatten): _*
+        (Seq(
+          authorizationServer.map(url => fr"authorization_server = $url"),
+          authorizationServerClientId.map(i => fr"authorization_server_client_id = $i"),
+          authorizationServerClientSecret.map(i => fr"authorization_server_client_secret = $i")
+        ).flatten)*
       )
     val cxnIO = (setFr: Fragment) => sql"""
         |UPDATE public.issuer_metadata