diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile
index 73087e6798f..e2837de5fe5 100644
--- a/docker-jans-persistence-loader/Dockerfile
+++ b/docker-jans-persistence-loader/Dockerfile
@@ -24,7 +24,7 @@ RUN python3 -m ensurepip \
 # =====================
 # janssenproject/jans SHA commit
-ENV JANS_SOURCE_VERSION=e74ea8e27e59d35ff6e3c6f997e6c1df6a04ec83
+ENV JANS_SOURCE_VERSION=3f677636cc2f871e5a9c683634334578405f18f3
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_SCRIPT_CATALOG_DIR=docs/script-catalog
diff --git a/docker-jans-persistence-loader/scripts/spanner_setup.py b/docker-jans-persistence-loader/scripts/spanner_setup.py
index 382dfddaa81..238f612e50f 100644
--- a/docker-jans-persistence-loader/scripts/spanner_setup.py
+++ b/docker-jans-persistence-loader/scripts/spanner_setup.py
@@ -362,6 +362,7 @@ def column_int_to_string(table_name, col_name):
 ("jansScope", "creatorAttrs"),
 ("jansScope", "creationDate"),
 ("jansStatEntry", "jansData"),
+ ("jansSessId", "deviceSecret"),
 ]:
 add_column(mod[0], mod[1])
diff --git a/docker-jans-persistence-loader/scripts/sql_setup.py b/docker-jans-persistence-loader/scripts/sql_setup.py
index a766192fb33..a27553c50cf 100644
--- a/docker-jans-persistence-loader/scripts/sql_setup.py
+++ b/docker-jans-persistence-loader/scripts/sql_setup.py
@@ -367,6 +367,7 @@ def column_from_json(table_name, col_name):
 ("jansScope", "creatorAttrs"),
 ("jansScope", "creationDate"),
 ("jansStatEntry", "jansData"),
+ ("jansSessId", "deviceSecret"),
 ]:
 add_column(mod[0], mod[1])
diff --git a/docker-jans-persistence-loader/scripts/upgrade.py b/docker-jans-persistence-loader/scripts/upgrade.py
index 1b3ddc3677a..7952e0b9574 100644
--- a/docker-jans-persistence-loader/scripts/upgrade.py
+++ b/docker-jans-persistence-loader/scripts/upgrade.py
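Review bot: The new `("jansSessId", "deviceSecret")` entry adds what its name suggests is a credential-bearing column to the session table, yet nothing in the list distinguishes it from the ordinary attributes around it. A one-line comment above the tuple, for example `# deviceSecret: per-device secret on the session row; keep out of logs, dumps and exports`, would tell the next maintainer to treat it as sensitive. The identical tuple is added to the same list in sql_setup.py, so the two lists have to be kept in sync by hand; a shared constant would avoid one backend missing a column. The `for` statement and its enclosing function start outside this hunk, so how `add_column` picks the column type cannot be checked from here.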
@@ -152,6 +152,14 @@ def _transform_auth_dynamic_config(conf):
 ]
 should_update = True
+ for grant_type in [
+ "urn:ietf:params:oauth:grant-type:device_code",
+ "urn:ietf:params:oauth:grant-type:token-exchange",
+ ]:
+ if grant_type not in conf["dynamicGrantTypeDefault"]:
+ conf["dynamicGrantTypeDefault"].append(grant_type)
+ should_update = True
+
 if "forceSignedRequestObject" not in conf:
 conf["forceSignedRequestObject"] = False
 should_update = True
@@ -205,6 +213,14 @@ def _transform_auth_dynamic_config(conf):
 }
 should_update = True
+ for grant_type in [
+ "urn:ietf:params:oauth:grant-type:device_code",
+ "urn:ietf:params:oauth:grant-type:token-exchange",
+ ]:
+ if grant_type not in conf["grantTypesSupported"]:
+ conf["grantTypesSupported"].append(grant_type)
+ should_update = True
+
 # return the conf and flag to determine whether it needs update or not
 return conf, should_update
diff --git a/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.json b/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.json
index 2b831e2dd9f..a456e96b3f1 100644
--- a/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.json
+++ b/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.json
@@ -62,7 +62,8 @@
 "client_credentials",
 "refresh_token",
 "urn:ietf:params:oauth:grant-type:uma-ticket",
- "urn:ietf:params:oauth:grant-type:device_code"
+ "urn:ietf:params:oauth:grant-type:device_code",
+ "urn:ietf:params:oauth:grant-type:token-exchange"
 ],
 "subjectTypesSupported":[
 "public",
@@ -273,7 +274,8 @@
 "client_credentials",
 "refresh_token",
 "urn:ietf:params:oauth:grant-type:uma-ticket",
- "urn:ietf:params:oauth:grant-type:device_code"
+ "urn:ietf:params:oauth:grant-type:device_code",
+ "urn:ietf:params:oauth:grant-type:token-exchange"
 ],
 "claimsParameterSupported":false,
 "requestParameterSupported":true,
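Review bot: Both new loops re-add `device_code` and `token-exchange` whenever they are missing, so a deployment whose operator deliberately removed either grant from `dynamicGrantTypeDefault` or `grantTypesSupported` gets it switched back on by the next upgrade run, with no record of the change. The same applies to the second loop in the hunk at line 213. If the aim is only to bring old configs up to the new template, gate the addition on something that marks a config as not yet migrated; at minimum, state the behaviour in place with `# NOTE: re-enables device_code/token-exchange on every run, even if an operator removed them`. The two loops also repeat the same two-item list, which could be one tuple defined once in `_transform_auth_dynamic_config`. Both loops index `conf[...]` directly; whether the keys are guaranteed to exist depends on code above the hunks that is not visible here.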
@@ -477,11 +479,11 @@
 "templatesPath": "/ftl",
 "scriptsPath": "/scripts",
 "serializerType": "KRYO",
- "maxItemsLoggedInCollections": 3,
- "pageMismatchErrorPage": "mismatch.ftl",
- "interruptionErrorPage": "timeout.ftl",
- "crashErrorPage": "crash.ftl",
- "finishedFlowPage": "finished.ftl",
+ "maxItemsLoggedInCollections": 9,
+ "pageMismatchErrorPage": "mismatch.ftlh",
+ "interruptionErrorPage": "timeout.ftlh",
+ "crashErrorPage": "crash.ftlh",
+ "finishedFlowPage": "finished.ftlh",
 "bridgeScriptPage": "agama.xhtml",
 "defaultResponseHeaders": {
 "Cache-Control": "max-age=0, no-store"
diff --git a/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.ob.json b/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.ob.json
index 9dbf9990497..30b94d05619 100644
--- a/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.ob.json
+++ b/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.ob.json
@@ -73,7 +73,9 @@
 "grantTypesSupported":[
 "client_credentials",
 "authorization_code",
 - "refresh_token"
+ "refresh_token",
+ "urn:ietf:params:oauth:grant-type:device_code",
+ "urn:ietf:params:oauth:grant-type:token-exchange"
 ],
 "allowIdTokenWithoutImplicitGrantType": true,
 "subjectTypesSupported":[
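Review bot: The four page names move from `.ftl` to `.ftlh` only in this template, and none of the upgrade.py hunks in this commit touch those keys, so an existing deployment would presumably keep `mismatch.ftl`, `timeout.ftl`, `crash.ftl` and `finished.ftl`. If the pinned jans-auth build ships only the `.ftlh` files, those error and finish pages would stop resolving after the upgrade, and upgraded installs would also miss the HTML auto-escaping FreeMarker applies to `.ftlh` by default. A matching step in `_transform_auth_dynamic_config` that rewrites the four values when they still end in `.ftl` would keep fresh and upgraded installs aligned. Separately, `"maxItemsLoggedInCollections": 9` triples how many collection items reach the log; confirm those collections cannot carry tokens or user attributes.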
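Review bot: `grantTypesSupported` in the `.ob.json` template previously listed only `client_credentials`, `authorization_code` and `refresh_token`, and this hunk widens it with `device_code` and `token-exchange`. If that short list was a deliberate restriction for this profile (the file name suggests a separate, tighter configuration), the two extra grants enlarge the default token-endpoint surface for every new install of it. The commit description should say why this profile needs them, or they should be left out here and enabled per deployment.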