It is definitely possible :-) In the Client Registration interception script, you could parse and validate the JWS, and then create your client in the script.

I was exploring that option, but the Client Interception script is not triggering the updateClient function where we can have access to the registerRequest parameter. I was trying below simple script just to print out the data just and understand what's available, but I am seeing in the logs that only init is triggered. Am I missing something? oxauth_script.log ``` 2020-08-11 08:26:12,242 INFO [oxAuthScheduler_Worker-2] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - RPT Policy. Destroyed successfully 2020-08-11 08:26:12,274 INFO [oxAuthScheduler_Worker-2] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - RPT Policy. Initializing ... 2020-08-11 08:26:12,274 INFO [oxAuthScheduler_Worker-2] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - RPT Policy. Initialized successfully 2020-08-11 08:26:12,279 INFO [oxAuthScheduler_Worker-2] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Permission dynamic scope. Destroy 2020-08-11 08:26:12,279 INFO [oxAuthScheduler_Worker-2] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Permission dynamic scope. Destroyed successfully 2020-08-11 08:26:12,289 INFO [oxAuthScheduler_Worker-2] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Permission dynamic scope. Initialization 2020-08-11 08:26:12,290 INFO [oxAuthScheduler_Worker-2] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Permission dynamic scope. Initialized successfully 2020-08-11 08:26:12,301 INFO [oxAuthScheduler_Worker-2] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Client registration. Initialization 2020-08-11 08:26:12,301 INFO [oxAuthScheduler_Worker-2] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Client registration. Initialized successfully 2020-08-11 08:26:12,307 INFO [oxAuthScheduler_Worker-2] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa client registration. Destroy 2020-08-11 08:26:12,307 INFO [oxAuthScheduler_Worker-2] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa client registration. Destroyed successfully 2020-08-11 08:26:12,324 INFO [oxAuthScheduler_Worker-2] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa client registration. Initialization 2020-08-11 08:26:12,324 INFO [oxAuthScheduler_Worker-2] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa client registration. Initialized successfully ``` oxauth.log ``` 2020-08-11 08:31:44,826 ERROR [qtp1625082366-21] [gluu.oxauth.register.ws.rs.RegisterRestWebServiceImpl] (RegisterRestWebServiceImpl.java:340) - A JSONObject text must begin with '{' at 1 [character 2 line 1] org.json.JSONException: A JSONObject text must begin with '{' at 1 [character 2 line 1] at org.json.JSONTokener.syntaxError(JSONTokener.java:505) ~[json-20180813.jar:?] at org.json.JSONObject.<init>(JSONObject.java:215) ~[json-20180813.jar:?] at org.json.JSONObject.<init>(JSONObject.java:399) ~[json-20180813.jar:?] at org.gluu.oxauth.register.ws.rs.RegisterRestWebServiceImpl.registerClientImpl(RegisterRestWebServiceImpl.java:143) ~[classes/:?] at org.gluu.oxauth.register.ws.rs.RegisterRestWebServiceImpl.requestRegister(RegisterRestWebServiceImpl.java:133) ~[classes/:?] at org.gluu.oxauth.register.ws.rs.RegisterRestWebServiceImpl$Proxy$_$$_WeldClientProxy.requestRegister(Unknown Source) ~[classes/:?] at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?] at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?] at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?] at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:535) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:424) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:385) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:387) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:356) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:329) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) ~[resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) ~[servlet-api-3.1.jar:3.1.0] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:226) ~[websocket-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] at org.gluu.server.filters.AbstractCorsFilter.handleNonCORS(AbstractCorsFilter.java:362) ~[oxcore-server-4.2.0.Final.jar:?] at org.gluu.server.filters.AbstractCorsFilter.doFilter(AbstractCorsFilter.java:139) ~[oxcore-server-4.2.0.Final.jar:?] at org.gluu.oxauth.filter.CorsFilter.doFilter(CorsFilter.java:118) ~[classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] at org.gluu.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:67) ~[classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1596) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:590) ~[jetty-security-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1607) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1297) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1577) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1212) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.Server.handle(Server.java:500) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547) [jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375) [jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) [jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [jetty-io-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [jetty-io-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] at java.lang.Thread.run(Thread.java:834) [?:?] ``` Client Registration Interception Script ``` from org.gluu.model.custom.script.type.client import ClientRegistrationType from org.gluu.service.cdi.util import CdiUtil from org.gluu.oxauth.service import ScopeService from org.gluu.util import StringHelper, ArrayHelper from java.util import Arrays, ArrayList, HashSet import java class ClientRegistration(ClientRegistrationType): def __init__(self, currentTimeMillis): self.currentTimeMillis = currentTimeMillis def init(self, customScript, configurationAttributes): print "Client registration. Initialization" print "Client registration. Initialized successfully" return True def destroy(self, configurationAttributes): print "Client registration. Destroy" print "Client registration. Destroyed successfully" return True # Update client entry before persistent it # registerRequest is org.gluu.oxauth.client.RegisterRequest # client is org.gluu.oxauth.model.registration.Client # configurationAttributes is java.util.Map<String, SimpleCustomProperty> def createClient(self, registerRequest, client, configurationAttributes): print "Client registration. CreateClient method" return True # Update client entry before persistent it # registerRequest is org.gluu.oxauth.client.RegisterRequest # client is org.gluu.oxauth.model.registration.Client # configurationAttributes is java.util.Map<String, SimpleCustomProperty> def updateClient(self, registerRequest, client, configurationAttributes): print "Client registration. UpdateClient method" return True def getApiVersion(self): return 11 ```

Please, could you share request that you are doing? curl command could be good enough.

Here is a postman log ``` POST https://gluu.redacted/oxauth/restv1/register 500 460 ms Warning: Self signed certificate POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/jwt User-Agent: PostmanRuntime/7.26.3 Accept: */* Cache-Control: no-cache Postman-Token: 7d552349-f67a-4f6c-bb02-f37a94495da3 Host: gluu.redacted Accept-Encoding: gzip, deflate, br Connection: keep-alive Content-Length: 5090 eyJ0eXAiOiJKV1QiLCJraWQiOiIyMVdyRU9oZnNScmotTW40XzVsU0ExZHZHMEUiLCJhbGciOiJQUzI1NiJ9.eyJhcHBsaWNhdGlvbl90eXBlIjoid2ViIiwiZ3JhbnRfdHlwZXMiOlsiYXV0aG9yaXphdGlvbl9jb2RlIiwiY2xpZW50X2NyZWRlbnRpYWxzIiwicmVmcmVzaF90b2tlbiIsInVybjpvcGVuaWQ6cGFyYW1zOmdyYW50LXR5cGU6Y2liYSJdLCJyZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vb2Jjb25uZWN0LmxvY2FsOjQyMDAvY2FsbGJhY2siLCJodHRwczovL2FwcC5kZW1vLm9iY29ubmVjdC5pby9jYWxsYmFjayJdLCJzb2Z0d2FyZV9pZCI6Ik04a0l1S1Z3d2Vqa3JFcmZ3dUpvTzkiLCJzb2Z0d2FyZV9zdGF0ZW1lbnQiOiJleUpoYkdjaU9pSlFVekkxTmlJc0ltdHBaQ0k2SWtoNllUbDJOV0puUkVwalQyNW9ZMVZhTjBKTmQySlRURjgwVGxZd1oxTkdka2xxWVZOWVpFTXRNV005SWl3aWRIbHdJam9pU2xkVUluMC5leUpwYzNNaU9pSlBjR1Z1UW1GdWEybHVaeUJNZEdRaUxDSnBZWFFpT2pFMU9UY3dPRGMwTWpVc0ltcDBhU0k2SW1JNE56UXdOMk5qT1RWaE1UUXhPVFVpTENKemIyWjBkMkZ5WlY5bGJuWnBjbTl1YldWdWRDSTZJbk5oYm1SaWIzZ2lMQ0p6YjJaMGQyRnlaVjl0YjJSbElqb2lWR1Z6ZENJc0luTnZablIzWVhKbFgybGtJam9pVFRoclNYVkxWbmQzWldwcmNrVnlabmQxU205UE9TSXNJbk52Wm5SM1lYSmxYMk5zYVdWdWRGOXBaQ0k2SWswNGEwbDFTMVozZDJWcWEzSkZjbVozZFVwdlR6a2lMQ0p6YjJaMGQyRnlaVjlqYkdsbGJuUmZibUZ0WlNJNklrOUNRMDlPVGtWRFZDQXRJRUZRVURBd01TSXNJbk52Wm5SM1lYSmxYMk5zYVdWdWRGOWtaWE5qY21sd2RHbHZiaUk2SWs5Q1EwOU9Ua1ZEVkNCaGNIQnNhV05oZEdsdmJpQm1iM0lnYkc5allXd2dkR1Z6ZEdsdVp5NGlMQ0p6YjJaMGQyRnlaVjkyWlhKemFXOXVJam94TGpBc0luTnZablIzWVhKbFgyTnNhV1Z1ZEY5MWNta2lPaUpvZEhSd2N6b3ZMMjlpWTI5dWJtVmpkQzVzYjJOaGJEbzBNakF3SWl3aWMyOW1kSGRoY21WZmNtVmthWEpsWTNSZmRYSnBjeUk2V3lKb2RIUndjem92TDI5aVkyOXVibVZqZEM1c2IyTmhiRG8wTWpBd0wyTmhiR3hpWVdOcklpd2lhSFIwY0hNNkx5OWhjSEF1WkdWdGJ5NXZZbU52Ym01bFkzUXVhVzh2WTJGc2JHSmhZMnNpWFN3aWMyOW1kSGRoY21WZmNtOXNaWE1pT2xzaVFVbFRVQ0lzSWxCSlUxQWlMQ0pEUWxCSlNTSmRMQ0p2Y21kaGJtbHpZWFJwYjI1ZlkyOXRjR1YwWlc1MFgyRjFkR2h2Y21sMGVWOWpiR0ZwYlhNaU9uc2lZWFYwYUc5eWFYUjVYMmxrSWpvaVQwSkhRbElpTENKeVpXZHBjM1J5WVhScGIyNWZhV1FpT2lKVmJtdHViM2R1TURBeE5FZ3dNREF3TVd4R1JUTlVVVUZYSWl3aWMzUmhkSFZ6SWpvaVFXTjBhWFpsSWl3aVlYVjBhRzl5YVhOaGRHbHZibk1pT2x0N0ltMWxiV0psY2w5emRHRjBaU0k2SWtkQ0lpd2ljbTlzWlhNaU9sc2lRVWxUVUNJc0lsQkpVMUFpTENKRFFsQkpTU0pkZlN4N0ltMWxiV0psY2w5emRHRjBaU0k2SWtsRklpd2ljbTlzWlhNaU9sc2lRVWxUVUNJc0lsQkpVMUFpTENKRFFsQkpTU0pkZlN4N0ltMWxiV0psY2w5emRHRjBaU0k2SWs1TUlpd2ljbTlzWlhNaU9sc2lRVWxUVUNJc0lsQkpVMUFpTENKRFFsQkpTU0pkZlYxOUxDSnpiMlowZDJGeVpWOXNiMmR2WDNWeWFTSTZJbWgwZEhCek9pOHZiMkpqYjI1dVpXTjBMbWx2TDJ4dloyOGlMQ0p2Y21kZmMzUmhkSFZ6SWpvaVFXTjBhWFpsSWl3aWIzSm5YMmxrSWpvaU1EQXhORWd3TURBd01XeEdSVE5VVVVGWElpd2liM0puWDI1aGJXVWlPaUpQUWtOUFRrNUZRMVFnVEVsTlNWUkZSQ0lzSW05eVoxOWpiMjUwWVdOMGN5STZXM3NpYm1GdFpTSTZJbFJsWTJodWFXTmhiQ0lzSW1WdFlXbHNJam9pYVc1bWIwQnZZbU52Ym01bFkzUXVhVzhpTENKd2FHOXVaU0k2SWlzME5EYzNPRFUzTkRBM05qZ2lMQ0owZVhCbElqb2lWR1ZqYUc1cFkyRnNJbjBzZXlKdVlXMWxJam9pUW5WemFXNWxjM01pTENKbGJXRnBiQ0k2SW1sdVptOUFiMkpqYjI1dVpXTjBMbWx2SWl3aWNHaHZibVVpT2lJck5EUTNOemcxTnpRd056WTRJaXdpZEhsd1pTSTZJa0oxYzJsdVpYTnpJbjFkTENKdmNtZGZhbmRyYzE5bGJtUndiMmx1ZENJNkltaDBkSEJ6T2k4dmEyVjVjM1J2Y21VdWIzQmxibUpoYm10cGJtZDBaWE4wTG05eVp5NTFheTh3TURFMFNEQXdNREF4YkVaRk0xUlJRVmN2TURBeE5FZ3dNREF3TVd4R1JUTlVVVUZYTG1wM2EzTWlMQ0p2Y21kZmFuZHJjMTl5WlhadmEyVmtYMlZ1WkhCdmFXNTBJam9pYUhSMGNITTZMeTlyWlhsemRHOXlaUzV2Y0dWdVltRnVhMmx1WjNSbGMzUXViM0puTG5Wckx6QXdNVFJJTURBd01ERnNSa1V6VkZGQlZ5OXlaWFp2YTJWa0x6QXdNVFJJTURBd01ERnNSa1V6VkZGQlZ5NXFkMnR6SWl3aWMyOW1kSGRoY21WZmFuZHJjMTlsYm1Sd2IybHVkQ0k2SW1oMGRIQnpPaTh2YTJWNWMzUnZjbVV1YjNCbGJtSmhibXRwYm1kMFpYTjBMbTl5Wnk1MWF5OHdNREUwU0RBd01EQXhiRVpGTTFSUlFWY3ZUVGhyU1hWTFZuZDNaV3ByY2tWeVpuZDFTbTlQT1M1cWQydHpJaXdpYzI5bWRIZGhjbVZmYW5kcmMxOXlaWFp2YTJWa1gyVnVaSEJ2YVc1MElqb2lhSFIwY0hNNkx5OXJaWGx6ZEc5eVpTNXZjR1Z1WW1GdWEybHVaM1JsYzNRdWIzSm5MblZyTHpBd01UUklNREF3TURGc1JrVXpWRkZCVnk5eVpYWnZhMlZrTDAwNGEwbDFTMVozZDJWcWEzSkZjbVozZFVwdlR6a3VhbmRyY3lJc0luTnZablIzWVhKbFgzQnZiR2xqZVY5MWNta2lPaUpvZEhSd2N6b3ZMMjlpWTI5dWJtVmpkQzVwYnk5d2IyeHBZM2tpTENKemIyWjBkMkZ5WlY5MGIzTmZkWEpwSWpvaWFIUjBjSE02THk5dlltTnZibTVsWTNRdWFXOHZkR1Z5YlhNaUxDSnpiMlowZDJGeVpWOXZibDlpWldoaGJHWmZiMlpmYjNKbklqcHVkV3hzZlEuT2pYS0Jqa3FUdzJvNEJGb2dxQklYMWtzb0ZkNENRS2tOTzI0LW9wYVhjSjlJS1hRY0hTUUhjNUdPaHQzeVNFSGZZMF8wYmZjd08xUHhHZGVPdTVjSEZDbVpGZ3lLR1RiVjRnNGhxUTBmcGZHblNjQ1ZneThtRmJzQ1QxWEM3RzlSNjN4bThUWGNZWnY3cXhVSDBpVEtSV2lqVS13Wlpza01rN2RnRGlianhmVmdrbmNZMGdiT0RJYXc5SnlGRmpSS2tqMFpObGFMcVZHczlCdXJVazdISUVrcXlpQjZ3aHNvUkFNMklYQjRmWHdfOHo5eEZsYzJMZUQ0Rjh4NXJFMUtqQVFVeU5vWktsdWhnakVmRHdJWW5TVGhEd2NZTGxJWHlFNVo5SVp3RG1CeHVscEpMYXhObkx1SXBJaEJIbmdGTzdIeGlqV1dDWEpEdlJKT3FaYkp3Iiwic2NvcGUiOiJvcGVuaWQgYWNjb3VudHMgcGF5bWVudHMgZnVuZHNjb25maXJtYXRpb25zIiwicmVzcG9uc2VfdHlwZXMiOlsiY29kZSBpZF90b2tlbiJdLCJ0b2tlbl9lbmRwb2ludF9hdXRoX21ldGhvZCI6ImNsaWVudF9zZWNyZXRfYmFzaWMiLCJpZF90b2tlbl9zaWduZWRfcmVzcG9uc2VfYWxnIjoiUFMyNTYiLCJyZXF1ZXN0X29iamVjdF9zaWduaW5nX2FsZyI6IlBTMjU2IiwiYXVkIjoiMDAxNTgwMDAwMTA0MVJIQUFZIiwiaXNzIjoiTThrSXVLVnd3ZWprckVyZnd1Sm9POSIsImp0aSI6ImNiNGU3MjI1LTJmMGItNDVjNy1iZjQwLTgzMDNiODFkNDNhNCIsImlhdCI6MTU5NzA4NzQyNSwiZXhwIjoxNTk3MDg4MzI1fQ.IPEvs9iK2HNqLRi8wHvyzI5MKM_rFec91NmoiZ9PQrPW4-kK3-gj-rgavUCaxWELpeqUpCYUYufmHl86kizw4w03yCKCs3fMzgBlHwqzQmhlDlnxAN2mfYPKeghBgWyHu7-HrUvzMGcQIzq2yDcFxWBqhXiB3usc1zhFmO7ZeEvOMWAEh259kFIXorIXqhoM7Tp4pc2R05XR8s30xlUIGXgYgKSBmV8bAChqeOOq8yaevpat1kB7qfAuTM4AyC9DbcIt3DvIN6s8FWdvK5HytGlRsecqrsapnIXe-XkjI9KpnhEIuR5VyBGwFkn5jwHQqaqWkA3fh7sRp4lv4Oh6Aw HTTP/1.1 500 Server Error Date: Tue, 11 Aug 2020 08:31:44 GMT Server: Apache X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains Cache-Control: no-store Content-Type: application/json Pragma: no-cache Content-Length: 295 Connection: close { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ```

Yeah, that request mode is not supported yet, because request body can't be parsed. Custom script could help when we have Json body, however in this case this is a JWT directly in the body.

So, if I understand correctly we can't use Client Register Interceptor script here like Mike mentioned, correct? Any other option?

Yes, I think we are limited by the content-type here, since like I mentioned, request body is a JWT and currently Gluu AS receives Json body, that's the reason why you are facing JSONException in logs.