diff --git a/dotnet-authserver/src/TeacherIdentity.AuthServer/Controllers/AuthorizationController.cs b/dotnet-authserver/src/TeacherIdentity.AuthServer/Controllers/AuthorizationController.cs
index 39306f4f5..963529aa8 100644
--- a/dotnet-authserver/src/TeacherIdentity.AuthServer/Controllers/AuthorizationController.cs
+++ b/dotnet-authserver/src/TeacherIdentity.AuthServer/Controllers/AuthorizationController.cs
@@ -416,9 +416,11 @@ public async Task<IActionResult> Exchange()
                 Claims.Name, Claims.Role);
 
             // Use the client_id as the subject identifier.
-            identity.SetClaim(Claims.Subject, (await _applicationManager.GetClientIdAsync(application))!);
+            identity.AddClaim(Claims.Subject, (await _applicationManager.GetClientIdAsync(application))!,
+                Destinations.AccessToken, Destinations.IdentityToken);
 
-            identity.SetClaim(Claims.Name, (await _applicationManager.GetDisplayNameAsync(application))!);
+            identity.AddClaim(Claims.Name, (await _applicationManager.GetDisplayNameAsync(application))!,
+                Destinations.AccessToken, Destinations.IdentityToken);
 
             // Note: In the original OAuth 2.0 specification, the client credentials grant
             // doesn't return an identity token, which is an OpenID Connect concept.
diff --git a/dotnet-authserver/src/TeacherIdentity.AuthServer/Program.cs b/dotnet-authserver/src/TeacherIdentity.AuthServer/Program.cs
index 53bbaf264..f63b2da88 100644
--- a/dotnet-authserver/src/TeacherIdentity.AuthServer/Program.cs
+++ b/dotnet-authserver/src/TeacherIdentity.AuthServer/Program.cs
@@ -357,10 +357,10 @@ public static async Task Main(string[] args)
                 options.SetIssuer(new Uri(baseAddress));
 
                 options
-                    .SetAuthorizationEndpointUris("connect/authorize")
-                    .SetLogoutEndpointUris("connect/signout")
-                    .SetTokenEndpointUris("connect/token")
-                    .SetUserinfoEndpointUris("connect/userinfo");
+                    .SetAuthorizationEndpointUris("/connect/authorize")
+                    .SetLogoutEndpointUris("/connect/signout")
+                    .SetTokenEndpointUris("/connect/token")
+                    .SetUserinfoEndpointUris("/connect/userinfo");
 
                 options
                     .AllowAuthorizationCodeFlow()
diff --git a/dotnet-authserver/src/TeacherIdentity.AuthServer/TeacherIdentity.AuthServer.csproj b/dotnet-authserver/src/TeacherIdentity.AuthServer/TeacherIdentity.AuthServer.csproj
index d60b5e6ce..fbb53d52b 100644
--- a/dotnet-authserver/src/TeacherIdentity.AuthServer/TeacherIdentity.AuthServer.csproj
+++ b/dotnet-authserver/src/TeacherIdentity.AuthServer/TeacherIdentity.AuthServer.csproj
@@ -37,8 +37,8 @@
     <PackageReference Include="Microsoft.Web.LibraryManager.Build" Version="2.1.175" />
     <PackageReference Include="MiniValidation" Version="0.9.0" />
     <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="7.0.11" />
-    <PackageReference Include="OpenIddict.AspNetCore" Version="4.9.0" />
-    <PackageReference Include="OpenIddict.EntityFrameworkCore" Version="4.9.0" />
+    <PackageReference Include="OpenIddict.AspNetCore" Version="3.1.1" />
+    <PackageReference Include="OpenIddict.EntityFrameworkCore" Version="3.1.1" />
     <PackageReference Include="Optional" Version="4.0.0" />
     <PackageReference Include="Polly" Version="8.0.0" />
     <PackageReference Include="RedisRateLimiting.AspNetCore" Version="1.0.9" />