diff --git a/packages/oauth-provider/src/authorize.test.ts b/packages/oauth-provider/src/authorize.test.ts
index 2729052abf..218b86ad04 100644
--- a/packages/oauth-provider/src/authorize.test.ts
+++ b/packages/oauth-provider/src/authorize.test.ts
@@ -257,11 +257,6 @@ describe("oauth authorize - authenticated", async () => {
 );
 });
- it("should advertise authorization_response_iss_parameter_supported in metadata", async () => {
- const metadata = await auth.api.getOpenIdConfig();
- expect(metadata.authorization_response_iss_parameter_supported).toBe(true);
- });
-
 it("should have metadata issuer match iss parameter (RFC 9207)", async () => {
 if (!oauthClient?.client_id || !oauthClient?.client_secret) {
 throw Error("beforeAll not run properly");
diff --git a/packages/oauth-provider/src/metadata.test.ts b/packages/oauth-provider/src/metadata.test.ts
index 228d3a51cd..8c0f2533d9 100644
--- a/packages/oauth-provider/src/metadata.test.ts
+++ b/packages/oauth-provider/src/metadata.test.ts
@@ -100,6 +100,7 @@ describe("oauth metadata", async () => {
 "client_secret_post",
 ],
 code_challenge_methods_supported: ["S256"],
+ authorization_response_iss_parameter_supported: true,
 claims_supported: baseClaims,
 userinfo_endpoint: `${baseURL}/oauth2/userinfo`,
 subject_types_supported: ["public"],
@@ -150,6 +151,7 @@ describe("oauth metadata", async () => {
 "client_secret_post",
 ],
 code_challenge_methods_supported: ["S256"],
+ authorization_response_iss_parameter_supported: true,
 });
 });
diff --git a/packages/oauth-provider/src/oauth.ts b/packages/oauth-provider/src/oauth.ts
index 9cc3cd0a55..92cb0f2bf5 100644
--- a/packages/oauth-provider/src/oauth.ts
+++ b/packages/oauth-provider/src/oauth.ts
@@ -299,6 +299,10 @@ export const oauthProvider = >(options: O) => {
 const authMetadata = authServerMetadata(ctx, jwtPluginOptions, {
 scopes_supported:
 opts.advertisedMetadata?.scopes_supported ?? opts.scopes,
+ public_client_supported:
+ opts.allowUnauthenticatedClientRegistration,
+ grant_types_supported: opts.grantTypes,
+ jwt_disabled: opts.disableJwtPlugin,
 });
 return authMetadata;
 }
diff --git a/packages/oauth-provider/src/oauthClient/endpoints.test.ts b/packages/oauth-provider/src/oauthClient/endpoints.test.ts
index 83083263af..02abd452f2 100644
--- a/packages/oauth-provider/src/oauthClient/endpoints.test.ts
+++ b/packages/oauth-provider/src/oauthClient/endpoints.test.ts
@@ -55,6 +55,7 @@ describe("oauthClient", async () => {
 expect(client?.data?.client_id).toBeDefined();
 expect(client?.data?.user_id).toBeDefined();
 expect(client?.data?.client_secret).toBeDefined();
+ expect(client.data?.client_id_issued_at).toBeDefined();
 oauthClient = client.data!;
 const publicClient = await authClient.oauth2.createClient({
@@ -64,6 +65,7 @@ describe("oauthClient", async () => {
 expect(publicClient?.data?.client_id).toBeDefined();
 expect(publicClient?.data?.user_id).toBeDefined();
 expect(publicClient?.data?.client_secret).toBeUndefined();
+ expect(publicClient.data?.client_id_issued_at).toBeDefined();
 oauthPublicClient = publicClient.data!;
 const uiClient = await authClient.oauth2.createClient({
@@ -73,6 +75,7 @@ describe("oauthClient", async () => {
 expect(uiClient?.data?.client_id).toBeDefined();
 expect(uiClient?.data?.user_id).toBeDefined();
 expect(uiClient?.data?.client_secret).toBeDefined();
+ expect(uiClient.data?.client_id_issued_at).toBeDefined();
 oauthUiClient = uiClient.data!;
 });
diff --git a/packages/oauth-provider/src/oauthClient/endpoints.ts b/packages/oauth-provider/src/oauthClient/endpoints.ts
index 80c8d5354d..27c3ca2bcb 100644
--- a/packages/oauth-provider/src/oauthClient/endpoints.ts
+++ b/packages/oauth-provider/src/oauthClient/endpoints.ts
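Review bot: The three overrides added to the `authServerMetadata` call in `oauth.ts` (`public_client_supported`, `grant_types_supported`, `jwt_disabled`) have no assertion in the test hunks of this diff, which only add `authorization_response_iss_parameter_supported` to the expected metadata. Clients use this document to choose grant types and client authentication methods, so a case in `metadata.test.ts` with non-default `grantTypes`, `allowUnauthenticatedClientRegistration` and `disableJwtPlugin` would pin that the advertised values match what the server is configured to accept. `public_client_supported` is taken from `opts.allowUnauthenticatedClientRegistration`, which reads as a registration policy rather than a client-type setting; if that mapping is intended, a comment such as `// public clients are advertised only when unauthenticated registration is enabled` would record it. The enclosing function starts outside the hunk.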
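Review bot: The added `client_id_issued_at` assertions in the three `createClient` blocks of `oauthClient/endpoints.test.ts` use `toBeDefined()`, which also passes for `null`, a string or a millisecond value. Since `register.ts` now stores `new Date(iat * 1000)`, asserting whole epoch seconds would catch a unit mix-up, e.g. `expect(Number.isInteger(client.data?.client_id_issued_at)).toBe(true);`. The new lines also write `client.data?.` where the neighbouring assertions write `client?.data?.`; using one form throughout would read better.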
@@ -269,7 +269,10 @@ export async function updateClientEndpoint(
 value: clientId,
 },
 ],
- update: oauthToSchema(updates),
+ update: {
+ ...oauthToSchema(updates),
+ updatedAt: new Date(Math.floor(Date.now() / 1000) * 1000),
+ },
 },
 );
 if (!updatedClient) {
@@ -351,8 +354,8 @@ export async function rotateClientSecretEndpoint(
 },
 ],
 update: {
- ...schemaToOAuth(client),
 clientSecret: storedClientSecret,
+ updatedAt: new Date(Math.floor(Date.now() / 1000) * 1000),
 },
 },
 );
diff --git a/packages/oauth-provider/src/register.test.ts b/packages/oauth-provider/src/register.test.ts
index f11d702460..0c9a47a5b8 100644
--- a/packages/oauth-provider/src/register.test.ts
+++ b/packages/oauth-provider/src/register.test.ts
@@ -133,7 +133,7 @@ describe("oauth register", async () => {
 scope: "create:test delete:test",
 //---- Recommended client data ----//
 user_id: "bad-actor",
- client_id_issued_at: Math.round(Date.now() / 1000),
+ client_id_issued_at: Math.floor(Date.now() / 1000),
 //---- UI Metadata ----//
 client_name: "accept name",
 client_uri: "https://example.com/ok",
diff --git a/packages/oauth-provider/src/register.ts b/packages/oauth-provider/src/register.ts
index 334a816fb5..94ae1113de 100644
--- a/packages/oauth-provider/src/register.ts
+++ b/packages/oauth-provider/src/register.ts
@@ -195,7 +195,11 @@ export async function createOAuthClientEndpoint(
 });
 const client = await ctx.context.adapter.create>({
 model: "oauthClient",
- data: schema,
+ data: {
+ ...schema,
+ createdAt: new Date(iat * 1000),
+ updatedAt: new Date(iat * 1000),
+ },
 });
 // Format the response according to RFC7591
 return ctx.json(
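Review bot: The expression `new Date(Math.floor(Date.now() / 1000) * 1000)` is written out in both the `updateClientEndpoint` hunk and the `rotateClientSecretEndpoint` hunk of `oauthClient/endpoints.ts`, with no comment on why the timestamp is truncated to whole seconds. A small shared helper, or at least a comment like `// whole seconds, so the stored value matches the epoch-second fields returned to clients`, would keep the two sites from drifting; that reason is my inference from `new Date(iat * 1000)` in `register.ts`. In `updateClientEndpoint` the spread comes first, so `updatedAt` always wins over anything `oauthToSchema(updates)` produces, but whether `updates` can still carry a caller-supplied creation timestamp is decided outside the hunk and is worth confirming. Both function bodies start and end outside their hunks.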
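Review bot: `iat` in the new `createdAt`/`updatedAt` lines of `register.ts` is defined outside this hunk, and the registration test posts a client-chosen `client_id_issued_at` next to `user_id: "bad-actor"`, so it should be confirmed that `iat` comes from the server clock and never from the request body. If it is server-generated, a comment on the `data` object such as `// timestamps are server-assigned; a client-supplied client_id_issued_at is ignored` would make that explicit. Placing the two fields after `...schema` is the right order, since they override any `createdAt`/`updatedAt` that `schema` might already hold. The body of `createOAuthClientEndpoint` starts and ends outside the hunk.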