diff --git a/src/lib/services/OpenID4VCIClient.ts b/src/lib/services/OpenID4VCIClient.ts
index 54f23a9e1..bf5c6c804 100644
--- a/src/lib/services/OpenID4VCIClient.ts
+++ b/src/lib/services/OpenID4VCIClient.ts
@@ -122,7 +122,7 @@ export class OpenID4VCIClient implements IOpenID4VCIClient {
 authorizationRequestURL.search = authParams.toString();
 }
-await this.openID4VCIClientStateRepository.create(new OpenID4VCIClientState(userHandleB64u, this.config.credentialIssuerIdentifier, state, code_verifier, credentialConfigurationId))
+await this.openID4VCIClientStateRepository.create(new OpenID4VCIClientState(userHandleB64u, this.config.credentialIssuerIdentifier, state, issuer_state, code_verifier, credentialConfigurationId))
 const modifiedAuthorizationRequest = await this.authorizationRequestModifier(this.config.credentialIssuerIdentifier, authorizationRequestURL.toString(), request_uri, this.config.clientId);
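Review bot: The `issuer_state` passed as the new fourth constructor argument is defined outside this hunk, so the hunk does not show where it originates or that it belongs to the issuer whose identifier is passed right before it; a short comment at the call site would make the intent checkable, e.g. `// issuer_state: opaque value from this issuer's credential offer, persisted so the credential request can relay it back`. The call now has two adjacent `state`/`issuer_state` arguments of type `string` and `string | undefined`, and swapping them would likely still compile, so the comment also guards against a silent mis-order. If `authParams` (built above the hunk) does not already carry `issuer_state` in the authorization request, that is the place the specification expects it, independent of the persisted copy. The enclosing method begins before the hunk.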
@@ -422,6 +422,17 @@ export class OpenID4VCIClient implements IOpenID4VCIClient {
 "format": this.config.credentialIssuerMetadata.credential_configurations_supported[flowState.credentialConfigurationId].format,
 } as any;
+ // In order to support any OIDC server, we need to add the issuer state to the body.
+ // The OIDC4VCI spec doesn't define a standard way to relay the issuer state, many implementations presume it is part of the access token.
+ // But the spec also requires the access token to be considered "opaque".
+ // And most OIDC servers won't pass the issuer_state in their access token along - if they have a JWT in the first place!
+ // The spec allow additional attributes so adding it, should not cause trouble at issuers - they should simply ignore it if they cannot handdle it.
+ //
+ // Hence, we duplicate the issuer_state in the body - e.g. the Sphereon agent handles this extra attribute.
+ if (flowState.issuer_state) {
+ credentialEndpointBody.issuer_state = flowState.issuer_state;
+ }
+
 if (this.config.credentialIssuerMetadata?.batch_credential_issuance?.batch_size) {
 credentialEndpointBody.proofs = {
 jwt: proofsArray
diff --git a/src/lib/types/OpenID4VCIClientState.ts b/src/lib/types/OpenID4VCIClientState.ts
index a94ddc4ab..db83ef7ee 100644
--- a/src/lib/types/OpenID4VCIClientState.ts
+++ b/src/lib/types/OpenID4VCIClientState.ts
@@ -9,6 +9,7 @@ export class OpenID4VCIClientState {
 public userHandleB64U: string,
 public credentialIssuerIdentifier: string,
 public state: string,
+ public issuer_state: string | undefined,
 public code_verifier: string,
 public credentialConfigurationId: string,
 public tokenResponse?: {
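Review bot: The new `credentialEndpointBody.issuer_state = flowState.issuer_state;` assignment writes into an object declared `as any` two lines above, so the non-standard field is neither checked against a request type nor visible to anyone reading the body's shape; declaring the body with a type that lists `issuer_state?: string` (or at least `Record<string, unknown>`) would make the deliberate extension explicit. The comment block should also be tidied: `handdle` → `handle`, `The spec allow` → `The spec allows`, and `OIDC4VCI` → `OID4VCI` if the OpenID for Verifiable Credential Issuance specification is meant. The value being relayed is the opaque `issuer_state` the issuer itself supplied and is only echoed back to that issuer's credential endpoint, so this is not a confidentiality concern, but the sentence asserting that issuers "should simply ignore" unknown attributes describes an expectation rather than a guarantee and reads better hedged, e.g. `// Issuers are expected to ignore attributes they do not recognise; verify against each target issuer.` The enclosing method begins and ends outside the hunk.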
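Review bot: The new parameter `public issuer_state: string | undefined,` is inserted between `state` and `code_verifier` in a positional list of string-typed parameters, so every `new OpenID4VCIClientState(...)` call must be updated in this commit; a call that was not updated fails the arity check, which is good, but a later swap of the adjacent `state` and `issuer_state` arguments would likely still compile. Records persisted before this change will presumably be read back with `issuer_state` absent, which the `string | undefined` type models correctly, and a TSDoc line on the field would make that explicit, e.g. `/** Opaque issuer_state from the credential offer; undefined when the offer carried none or the record predates this field. */`. The rest of the constructor signature lies outside the hunk.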