diff --git a/internal/api/oidc/token_client_credentials.go b/internal/api/oidc/token_client_credentials.go
index 2ad429d2b9..459a98f8ad 100644
--- a/internal/api/oidc/token_client_credentials.go
+++ b/internal/api/oidc/token_client_credentials.go
@@ -51,5 +51,5 @@ func (s *Server) ClientCredentialsExchange(ctx context.Context, r *op.ClientRequ
 		return nil, err
 	}
 
-	return response(s.accessTokenResponseFromSession(ctx, client, session, "", "", false, true, false, false))
+	return response(s.accessTokenResponseFromSession(ctx, client, session, "", "", false, true, true, false))
 }
diff --git a/internal/api/oidc/token_jwt_profile.go b/internal/api/oidc/token_jwt_profile.go
index 92d70d33d6..d3c32604c3 100644
--- a/internal/api/oidc/token_jwt_profile.go
+++ b/internal/api/oidc/token_jwt_profile.go
@@ -58,7 +58,7 @@ func (s *Server) JWTProfile(ctx context.Context, r *op.Request[oidc.JWTProfileGr
 	if err != nil {
 		return nil, err
 	}
-	return response(s.accessTokenResponseFromSession(ctx, client, session, "", "", false, true, false, false))
+	return response(s.accessTokenResponseFromSession(ctx, client, session, "", "", false, true, true, false))
 }
 
 func (s *Server) verifyJWTProfile(ctx context.Context, req *oidc.JWTProfileGrantRequest) (user *query.User, tokenRequest *oidc.JWTTokenRequest, err error) {