OIDC Dynamic Client Registration - PUT does not return `registration_client_uri`

[daniel-eichinger-snkeos]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

The PUT {{baseUrl}}/oauth2/register/{{clientID}} endpoint does only return a registration_access_token and no registration_client_uri.

This is against the OpenID Connect Dynamic Client Registration 1.0.

Reproducing the bug

1. Register an OAuth2 client using the OIDC Dynamic Client Registration API on Ory Hydra
2. Update the OAuth2 client and look at the response -> no registration_client_uri is returned

Relevant log output

Output of PUT {{baseUrl}}/oauth2/register/{{clientId}}

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: application/json; charset=utf-8
Vary: Origin
Date: Thu, 19 Mar 2026 11:58:43 GMT
Content-Length: 1256
Connection: close

{
  "client_id": "c3beac71-04e3-45cb-958b-488b37b403b5",
  "client_name": "Test Client Updated",
  "redirect_uris": null,
  "grant_types": [
    "client_credentials",
    "authorization_code"
  ],
  "response_types": null,
  "scope": "openid profile",
  "audience": [],
  "owner": "",
  "policy_uri": "",
  "allowed_cors_origins": [],
  "tos_uri": "",
  "client_uri": "",
  "logo_uri": "",
  "contacts": null,
  "client_secret_expires_at": 0,
  "subject_type": "public",
  "jwks": {},
  "token_endpoint_auth_method": "client_secret_basic",
  "userinfo_signed_response_alg": "none",
  "created_at": "2026-03-19T11:58:43.098567141Z",
  "updated_at": "2026-03-19T11:58:43.098676Z",
  "metadata": {},
  "registration_access_token": "XXX", # redacted
  "skip_consent": false,
  "skip_logout_consent": null,
  "authorization_code_grant_access_token_lifespan": null,
  "authorization_code_grant_id_token_lifespan": null,
  "authorization_code_grant_refresh_token_lifespan": null,
  "client_credentials_grant_access_token_lifespan": null,
  "implicit_grant_access_token_lifespan": null,
  "implicit_grant_id_token_lifespan": null,
  "jwt_bearer_grant_access_token_lifespan": null,
  "refresh_token_grant_id_token_lifespan": null,
  "refresh_token_grant_access_token_lifespan": null,
  "refresh_token_grant_refresh_token_lifespan": null
}

Relevant configuration

oidc:
  # exposes openid registration at /oauth2/register
  dynamic_client_registration:
    enabled: true

Version

v25.4.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker

Additional Context

No response