diff --git a/e2e/playwright-report-embedded/index.html b/e2e/playwright-report-embedded/index.html
index 5a1660df4..5c3bb9109 100644
--- a/e2e/playwright-report-embedded/index.html
+++ b/e2e/playwright-report-embedded/index.html
@@ -82,4 +82,4 @@
     <div id='root'></div>
   </body>
 </html>
-<script id="playwrightReportBase64" type="application/zip">data:application/zip;base64,UEsDBBQAAAgIACljT1zEP0SwPgcAAIBCAAAZAAAAMTAyOWMzMGM3ZjhiMWIwNmFjZjMuanNvbu1ba0/jRhT9K6P5QkB5+BU/0u5KXQpaVLStFrYrldBqYk/IFNsTecawW8p/ryZxsD3Yie0kEAqID449vp65955r+5zrOzgmPj7x4ACqiua4uuJaY3ukjhQTuWMdtmfHP6EAwwFk5CrskLDLptjtcgbbkGPGGRxc3M22Ss10vLHieobjqbZnONhQ+56titMJ92eGJzT2PRDh0MMR4BMMcDDCnoc98OMZuQpPQtB7D1waTGmIQw5uCZ+AMY0CMCbY98RMphH9G7s8mak7iWhA4gC2oU9dxAkN4eButpbCdfgkxHBgtqFL/TgI4cC6b0MvjpIzbctpQxSGlM92iBVftiFHV8kWjblLZxfG36bY5dgTM0J8AgcX8GixFLGSzkkIjn16Cy/bMMIs9hP3SddiHEX8nMxMaopmdhSto/bPFXPQ7w9Uq6to9h9QWODRdzhQxAl4mgQi8ekHPKYRBh8pvRYrXGlRV4TF7DzUIrPH5BuPIwyGcBTRW4ajIaxkXc9b71tWkfVTFIfuBCSmKxk2ZMNmaviyDRHnyJ0EOOTJDpfGIYcDsbhrMp1iDw7GyGf4vtbgdpFHXBpy/I1X8oipqvmJm0X+OIww4hgkhiuZ1fJmjWfzxhRd4YqusPJz1mxjiTOE3UpWbdmq/hS+aOq4T+iGXIn1cQqGsCdqFAkr+c9RpJirxoqV1qiJVloTVfO+fCltyELxm8MBBMNYUdTRhaMEAJjg3+Sn7gQAAHGjaC32aMHeurV/L7W+2NKDduaSi00zQOx76GaOtO5ELt3vg/TEd+8zx++GYW4plrQUkLV9iwjPHJ1l/4PZbnrkinKaXX8S6cwy9tPzfsgsLj8XkJvLYlNd+ECdzy/9+zM5oGnBI4cpsnE7axxms/QrIlx4HzDsY5fTCMxyiUatvQsPcdQR4SXeuyFE7ApFHqadRSZf7u2vTGa7qxhyMXD6G0tmVVk3m52yFHCUoNcDD+4ReXz28y97rDiJOQUkJJwgn/yDAQof8j+T2GWhV5VNpKEYd0yjsySMrXTQ2dHp0eH5r5/PioCVsbCA6Xx9hUPEfQuREEfFyLzjJMA05unRQUFO9wNdSXf/pSjK/bMjRFVLEXI0ewIEQ8jpB/w7YWTk4yGsCpNOzHAUogBXxYtuSA9AhrU5uGiZB2KtAVzybpJcqNVI4/ljdas0mxfe3UoWL0JyEk5jvr9fOCYT7NZWsrPpX62s1l9KSKaIsVsaeeuFZJO4XcyoMm4d+aFtc7DV14Xtq4bma0PBSyhMxksJCYtHAeEfYs5puBN1aT6h6lVJ31pVMjJVSW1SlV41Ll8ZBJ6nKNWqSX0pICVvJTkw/zTmOKrIyQo09vNodOzllGxFyq3AstKQGluTBy1aYzER6lNWnQe1u0bfzJvVV7AIz0D+XbYhjiIaJeMYRzxmcABF+ZgpCI8UB8m2sECv4YBH8TwSSzUYQ7Oxh92+jTVsq46G0ch4rMGw2HUxY+PY978DUcsBCeec2w3yiQfcCHs4FMwFAzcEpWTdA7mxITFGtcrUGFXT9CeTY+YXW5lu8/vmxvSYB4uZifS15eCvgzpDRt0ywr0G6paY3U31QczZkdnzZVJMJfVhldUdKUAbUB/srmlIOotq1lcfut3e/H+C/SmOWA/FfNJJfuQk2oxGqxqN9Ih+OScFTFmtKH/G2j7BX+uZpxa/b1rPR/DbskKpWSuqxFr54qydL3ZxShQQ/mVUv0+RV0Lyg3FEg9nJJz//Vp6WsuzQIC1fA+G/PcRYsuiyqxHIMWLrRUHtV4rCZspHTeHD6Sq2JBSa9YWPymXEUtYuI28QrgDhN5jtRLErVzePie+DIUReIO74WwO32jdKu6M2ju2Mymk2kUskf8nOlMWUBin9hBpK4ZAx8f1W5s1/qZ1tpO82iTxgycTyrkUozyc3j9DCToX7eEOc11NBna5qqnK3zxaBrq8N9DcsF1W4N/zseoWTxaNdi1BOMyoc4frEva6ilx6KgVuRR52u6sjlqn5vYvVylRFMzSaC6Rswi8vV/xsMT1qG6lWh/mrWMZzz0AIyq+GoyS3+W6WeLWtdDsAqYZfnVOJcG071t1RaSySytugoBgxzBhhmjNAwIRU9EmGXM0E19jzEJiOKIq88/+U29gb5n7xjf/l8mmW6Dw7Syx8crGzMf8FsYAkn/LQ0xaNQ5+1jX4igHzHySHi1XgQ2zARO1Ep3W92WlQJjRZvCWvC214b36wDWW/I/e/nJc8n3Zf2CH9EN/vL5tIKM63RNTe5H3lzrn5Zhz7Um0FKdcoJNq/M5TKYxrqwzLXFaK02A3nCYwq+Xjt1q51qdhNAqfY1yOCf2z2c9IrWLsSl/aLvB9Mi86GhWg/TQ9CXp0aBvcjIvG2UZknFktkh/ndccMELu9ba/5muaKNvuWRR5IrUAFX/LW7tRp8DyM/UsFq1RL+wYqtWz6HRNW/oEX7d3rmVosz2Ll/f/AVBLAwQUAAAICAApY09cjh0weMYBAABLBAAACwAAAHJlcG9ydC5qc29uxZNBi9swEIX/ipizkkaOEzui9NZCLr200MOSgyKNYzWyZKTxbpfg/17kOM1Cd+llobcZoXlv3id0gQ5JGUUK5AWUpkG5HyGeMSaQYuSQSEX6bjsEKapKiHW9EWVZVxzMEBXZ4EFu1sV2udluOTTWYQL5cJmqvQEJYlXs9Hqlq6Y+iuNqq3SzhuvNryrLQrInv7B+mXrUS0rAgTDRVSZXb8osTLPSptwZUZtyh6XYmFrkcUtuEm7D4AyL6A1GRi0y7I5oDBr28Zs9+b1nHz4xHbo+ePTEniy1rAmxY41FZ/ImfQw/UdO8qW5j6OzQAQcX9Jz+mvXVHM56BLnloIMbOg+yGl9yq6sdB+V9oOkgJz5wIHWaqzCQDpMx/upRE5q8kaIW5AN8vkXJSRZ7z7648AR56gyS4oAcIqbBzSAVkdJth37qD+Nh5P+iWxY1GtSbGgusxa5AdSz/ppsGrTGlZnDumWUEzPoryUflrGE6okFPVrnEHq26P8Ef7u+EWVRvcRZFsf6PoA/TL8rtBSiQciALfnfKzeDv7YpD49T5earS2fb9fHrzG7PiC2LZ587s3d04YIwh3lD1M8HLyKFTurUer0F/A1BLAQI/AxQAAAgIACljT1zEP0SwPgcAAIBCAAAZAAAAAAAAAAAAAAC0gQAAAAAxMDI5YzMwYzdmOGIxYjA2YWNmMy5qc29uUEsBAj8DFAAACAgAKWNPXI4dMHjGAQAASwQAAAsAAAAAAAAAAAAAALSBdQcAAHJlcG9ydC5qc29uUEsFBgAAAAACAAIAgAAAAGQJAAAAAA==</script>
\ No newline at end of file
+<script id="playwrightReportBase64" type="application/zip">data:application/zip;base64,UEsDBBQAAAgIAGCVV1ySma5MfQYAAPQqAAAZAAAAMTAyOWMzMGM3ZjhiMWIwNmFjZjMuanNvbtVaa2/bNhT9KwS/2An80Mt6bS2wpgkaLOiGJl2B1dlAS7TNRSYNkkrapf7vAyU5duhHJMVKuyAfbEu65D3niLr3UPdwTBJ8HsMQmoYVRLYReWN/ZI4MF0VjG3ay4+/RDMMQCjKhXUJ7Yo6jnhSwAyUWUsDw8332aWeYbjw2otgJYtOPnQA75iD2TXU5kUkWeMrSJAYc0xhzIKcY4NkIxzGOwc+XZELPKei/BhGbzRnFVII7IqdgzPgMjAlOYjWTOWf/4EgWM42mnM1IOoMdmLAIScIoDO+zXLbmkRCKYeh2YMSSdEZh6C06ME55caXrBB2IKGUy+0FlfN2BEk2KTyyVEcsGxl/mOJI4VjNCcgrDz/B0mYrKpHtOwVnC7uB1B3Is0qSATxtLSMTlFclCWobldg2ra9lXph2aVjjwe4Hr/QlVBMm/wtBQF+B5QUSB6Rs8ZhyDd4zdqAyfjuiriKt52MHWsGfki0w5BkM44uxOYD6EZaJ7lhY9z1KPfoFSGk1BEbpUYFsP7K8CX3cgkhJF0xmmsvghYimVMDQ7UNyQ+RzHMByjROBFpZM72xCJGJX4iyyBSNCzLQ0RZxseJxwjiUERuFRYDQ/ru6ExRxNcEgpX49Dag4UK+9ygzSFRF7b36JZMVHqSgSHsqxWK0HLoDYLHiQbm/kQrLIjeakE03cXuTDpQUPVdwhACAFzwDQCgngjt1nOX9lYHIPGVRqB9r5hfHIFXr8H9kAIAvGwYANAdIjLTRW/CJGu3CvhaRz9l54HivLW/v7IDPvgG10n4pOKMGQcCJziSjIMMK8bbrc8xkqirUiLxqyFEYoJ4jFl3SdR166gEV87A1G76J0RZgSvTqEdWUKDT74OH/BVNl29/bYntHEkGCCWSoIT8iwGiD/Su8aYANo1NhtSnM8YvC4Tbl6cXpydXv3247C11kY/YU2seIhTzDriXZIZZKkNgG38bhrF4gljT1Ig9zZ7KYAgle4P/IIKMEjyEZdntpgJzima4NM2Bo6097gF5ttaqFKs0zwqTDBvrESd5vdLOqFnCsZOSJQ7ndJ7Ko6PeGprt3ZTU/cuptOtPd46EuGM83j7dQwpkOVJZgfgDr9JTuoo87HryaFQWzbHYjOic+tMV6WhG5JtUSkYb1Vw+UHnFBY0pzllTnFlecY1qojEKDyy4XG+DLN5CE8gvY4l5yQYu6PmuVluY5tYyukaB7rtar2LULKWf3TVtzMQ0t3apJwkTVdqmwNaf2C/SRVY9GXPOeHGekEimAoZQ3QyZ4bBhUGixVQR2A0PJ05yKvZaNY/k4xtHAxxb2zcDCaORsWjYijSIsxDhNkq9ArRCA0LyGv0UJiUHEcYypKhUFuCVoVfw/VJMH8m5Mb5d54znOi5k32VhPis1zDmrePERck6+5/9avcs8F3kC75w7iVOwL+6M6FYGnmQrWVhermlMReHox+OOtPc91KuzQMHqGoaHnuZWLkF6vn/9PcTLHXPRRKqfd4ssjL3fNzDWdCt7FIO+TgJu7GE+bC3otkHsLrveC5kIOr69Zf47dILxBTXj9DC7dbNhlMyQMxTsMBjDmbJZdfP729xzyQGfssGbDdqI9o/aojxqn9ZHNQTHyYRRUxcDIpGTq5qnle81pyTNqaqlRvhvldb+idPvqjCQJGEIUz9Rq0BjrjqktIGb1JrE86Ws2llvep8jAyVGydH4qGhW9MUmS9lqB+nB8Jz+1ujvg2ZVn+rjB3Zzp8ri2QtQUSgX7KhfK5vLQoFDsmkJpXB+N8npYBTqVZ/rIBOlFCYludAPrRP14eL8ql9hA7w6CBiW25mC55R2sFxDAwYg7jJwKNQ12lbY07w0UDSUo3mgAG33eePWKDM9dFqy5HbcyPFZeRuFJdNSeGRBYCiCwEITRonSNCceRFKqg7cdITEcM8TiH0ttRZHz8cNFuHR+vTj8+btWoTf3yNczDSL07nChD5B1GMaGTZ9WlU7PU3T7wtZdPXKdBJfg1lXAYrhrjZL8SVK282LX/8A7d4o8fLkp18e5g94srz9xJsNYaAas8M2aQl4SWscvzVyZ+kWO7PxyumOo/behn+Fl7dpRP8l7iKvPTKkvfHbiVbLAqcK491iyvNJyWXcC5dQtlmitQIbqWeLv1KRcoGKHoZs+LFxvAPnPro8Bwz/JR1/DbHvl77HzsyHH7S1LlNz7ysIGhOcd1M/y/bHxcL/4DUEsDBBQAAAgIAGCVV1wzZbh1xQEAAEoEAAALAAAAcmVwb3J0Lmpzb27Fk0GL2zAQhf+KmLOS2o4dO6b01kIuvbTQw5KDIo1jNbJkpNFul+D/XuQ4zUJ36WWhtxmheW/eJ3SBAUkoQQLaCwhJUZgfzp/RB2jziUMg4em7HhDavK7zpio2dV1UJQcVvSDtLLSbKqvXRVlx6LTBAO3DZa72ClrIs2InN5msu+aYH7OtkN0Grje/iiQLQZ/sStt1GFGuKQAHwkBXmVS9KbNSXSZVuVN5o8odlnmlmjyNazKzcO+iUcyjVegZ9chwOKJSqNjHb/pk95Z9+MSkG0Zn0RJ70tSzzvmBdRqNSpuM3v1EScumsvdu0HEADsbJJf0166s5jLYI7ZaDdCYOFtp6esltW+44CGsdzQcp8YEDidNSuUjSzcb4a0RJqNJGgnpoH+DzLUpKstpb9sW4J0hTZ2jJR+TgMUSzgBREQvYD2rk/TIeJ/4tuWTSoUFYNFtjkuwLFsfybbohSYghdNOaZJQRM2yvJR2G0YtKjQktamMAetbg/wR/u74Q5r9/iXJflf+R8mD9Rai9AjoSBtuB3p9REe28zDp0R5+e5Cmc9jsvpzW9Kii+AJZ87snd344DeO39DNS4ELxOHQcheW7wG/Q1QSwECPwMUAAAICABglVdckpmuTH0GAAD0KgAAGQAAAAAAAAAAAAAAtIEAAAAAMTAyOWMzMGM3ZjhiMWIwNmFjZjMuanNvblBLAQI/AxQAAAgIAGCVV1wzZbh1xQEAAEoEAAALAAAAAAAAAAAAAAC0gbQGAAByZXBvcnQuanNvblBLBQYAAAAAAgACAIAAAACiCAAAAAA=</script>
\ No newline at end of file
diff --git a/e2e/setup/thunder/app-registration.ts b/e2e/setup/thunder/app-registration.ts
index 0f6b0d15c..cf372697f 100644
--- a/e2e/setup/thunder/app-registration.ts
+++ b/e2e/setup/thunder/app-registration.ts
@@ -34,7 +34,7 @@ export async function getThunderAppClientId(): Promise<{clientId: string; applic
   let applicationId: string | undefined;
 
   try {
-    const result = thunderSqlite("SELECT APP_ID FROM SP_APP WHERE APP_NAME='React SDK Sample'");
+    const result = thunderSqlite("SELECT APP_ID FROM APPLICATION WHERE APP_NAME='React SDK Sample'");
 
     if (result) {
       applicationId = result;
@@ -44,15 +44,44 @@ export async function getThunderAppClientId(): Promise<{clientId: string; applic
     console.warn('[E2E] Could not retrieve Thunder application ID from database');
   }
 
-  // Patch the pre-configured app's OAuth config:
-  // 1. Add the callback URL to redirect_uris (bootstrap only has / and /dashboard)
-  // 2. Fix the token issuer to match the OIDC discovery issuer (baseUrl, not baseUrl/oauth2/token)
+  // Patch the pre-configured app to ensure:
+  // 1. allowed_user_types includes "Person" (admin user is Person type)
+  // 2. The callback URL is in redirect_uris
+  // 3. The token issuer matches the OIDC discovery issuer
+  try {
+    const appJson = thunderSqlite(
+      `SELECT APP_JSON FROM APPLICATION WHERE APP_NAME='React SDK Sample'`,
+    );
+
+    if (appJson) {
+      const appConfig = JSON.parse(appJson);
+      const userTypes: string[] = appConfig.allowed_user_types || [];
+
+      if (!userTypes.includes('Person')) {
+        userTypes.push('Person');
+        appConfig.allowed_user_types = userTypes;
+        const updatedAppJson = JSON.stringify(appConfig);
+
+        execSync(
+          `docker exec -i ${CONTAINER} sh -c 'cat > /tmp/app_config.json'`,
+          {input: updatedAppJson, encoding: 'utf-8'},
+        );
+        thunderSqlite(
+          `UPDATE APPLICATION SET APP_JSON=readfile('/tmp/app_config.json') WHERE APP_NAME='React SDK Sample'`,
+        );
+        console.log(`[E2E] Thunder app config updated (allowed_user_types includes Person)`);
+      }
+    }
+  } catch (err) {
+    console.warn('[E2E] Could not update Thunder app config:', err);
+  }
+
   const callbackUrl = `${SAMPLE_APP.url}${SAMPLE_APP.afterSignInPath}`;
   const correctIssuer = THUNDER_CONFIG.baseUrl;
 
   try {
     const configJson = thunderSqlite(
-      `SELECT OAUTH_CONFIG_JSON FROM IDN_OAUTH_CONSUMER_APPS WHERE CONSUMER_KEY='${clientId}'`,
+      `SELECT OAUTH_CONFIG_JSON FROM APP_OAUTH_INBOUND_CONFIG WHERE CLIENT_ID='${clientId}'`,
     );
 
     if (configJson) {
@@ -84,7 +113,7 @@ export async function getThunderAppClientId(): Promise<{clientId: string; applic
           {input: updatedJson, encoding: 'utf-8'},
         );
         thunderSqlite(
-          `UPDATE IDN_OAUTH_CONSUMER_APPS SET OAUTH_CONFIG_JSON=readfile('/tmp/oauth_config.json') WHERE CONSUMER_KEY='${clientId}'`,
+          `UPDATE APP_OAUTH_INBOUND_CONFIG SET OAUTH_CONFIG_JSON=readfile('/tmp/oauth_config.json') WHERE CLIENT_ID='${clientId}'`,
         );
         console.log(`[E2E] Thunder app OAuth config updated (redirect_uris, token issuer)`);
       }
diff --git a/e2e/thunder-bootstrap/02-sample-resources.sh b/e2e/thunder-bootstrap/02-sample-resources.sh
index 28f4100fd..453b2ae41 100755
--- a/e2e/thunder-bootstrap/02-sample-resources.sh
+++ b/e2e/thunder-bootstrap/02-sample-resources.sh
@@ -188,7 +188,7 @@ RESPONSE=$(thunder_api_call POST "/applications" "{
   \"registration_flow_graph_id\": \"${REG_FLOW_ID}\",
   \"is_registration_flow_enabled\": true,
   \"user_attributes\": [\"given_name\",\"family_name\",\"email\",\"groups\",\"name\"],
-  \"allowed_user_types\": [\"Customer\"],
+  \"allowed_user_types\": [\"Customer\", \"Person\"],
   \"inbound_auth_config\": [{
     \"type\": \"oauth2\",
     \"config\": {
@@ -201,7 +201,7 @@ RESPONSE=$(thunder_api_call POST "/applications" "{
       \"pkce_required\": true,
       \"public_client\": true,
       \"token\": {
-        \"issuer\": \"${PUBLIC_URL}/oauth2/token\",
+        \"issuer\": \"${PUBLIC_URL}\",
         \"access_token\": {
           \"validity_period\": 3600,
           \"user_attributes\": [\"given_name\",\"family_name\",\"email\",\"groups\",\"name\"]