diff --git a/src/fastapi_oidc_op/app.py b/src/fastapi_oidc_op/app.py
index 144798d..beb0896 100644
--- a/src/fastapi_oidc_op/app.py
+++ b/src/fastapi_oidc_op/app.py
@@ -16,6 +16,7 @@ from fastapi_oidc_op.authn.webauthn import WebAuthnService
 from fastapi_oidc_op.config import Settings, StorageBackend
 from fastapi_oidc_op.invite.service import MagicLinkService
 from fastapi_oidc_op.manage.routes import router as manage_router
+from fastapi_oidc_op.oidc.provider import create_oidc_server
 from fastapi_oidc_op.store.sqlite.migrations import run_migrations
 from fastapi_oidc_op.store.sqlite.repositories import (
     SQLiteCredentialRepository,
@@ -57,6 +58,24 @@ async def lifespan(app: FastAPI) -> AsyncIterator[None]:
             ttl=settings.invite_ttl,
         )
 
+        # OIDC Server
+        oidc_server = create_oidc_server(settings)
+        app.state.oidc_server = oidc_server
+
+        # Register management client
+        manage_secret = settings.session_secret or secrets.token_hex(32)
+        oidc_server.context.cdb[settings.manage_client_id] = {
+            "client_id": settings.manage_client_id,
+            "client_secret": manage_secret,
+            "redirect_uris": [(f"{settings.issuer}/manage/callback", {})],
+            "response_types_supported": ["code"],
+            "token_endpoint_auth_method": "client_secret_basic",
+            "scope": ["openid", "profile", "email"],
+            "allowed_scopes": ["openid", "profile", "email"],
+            "client_salt": secrets.token_hex(8),
+        }
+        oidc_server.keyjar.add_symmetric(settings.manage_client_id, manage_secret)
+
         yield
         await db.close()
     else:
diff --git a/tests/test_oidc/test_app_integration.py b/tests/test_oidc/test_app_integration.py
new file mode 100644
index 0000000..2a0165b
--- /dev/null
+++ b/tests/test_oidc/test_app_integration.py
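Review bot: `manage_secret = settings.session_secret or secrets.token_hex(32)` makes the management client's `client_secret` the same value that protects sessions, so one secret now guards two separate trust boundaries and a leak of either exposes both; a dedicated setting (for example a `manage_client_secret` field on Settings, name to be chosen) read here and by the manage routes would keep them independent. The `secrets.token_hex(32)` fallback is also generated per process, so if the app is served by several workers each one registers a different secret and a caller that obtained it from one worker cannot authenticate to the token endpoint on another; a comment such as `# NOTE: session_secret must be set in multi-worker deployments; the fallback secret is per-process` or a startup error when the setting is unset would make that explicit. The hunk does not show `import secrets` in app.py, so confirm it is already imported above the first hunk. `lifespan` begins and ends outside the hunk.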
@@ -0,0 +1,14 @@
+from httpx import AsyncClient
+
+
+async def test_oidc_server_on_app_state(client: AsyncClient) -> None:
+    app = client._transport.app # type: ignore[union-attr]
+    assert hasattr(app.state, "oidc_server")
+    assert app.state.oidc_server is not None
+
+
+async def test_manage_client_registered(client: AsyncClient) -> None:
+    app = client._transport.app # type: ignore[union-attr]
+    oidc_server = app.state.oidc_server
+    settings = app.state.settings
+    assert settings.manage_client_id in oidc_server.context.cdb
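Review bot: Both tests reach the application through `client._transport.app`, a private attribute of the httpx client (the `# type: ignore[union-attr]` shows the type checker does not know it), so they will break on an httpx or fixture change unrelated to the code under test; have the fixture expose the app, or request an app fixture next to `client`, instead. `test_manage_client_registered` only asserts that the client id is a key of `cdb`; pinning the registration takes two more lines, `entry = oidc_server.context.cdb[settings.manage_client_id]` followed by `assert entry["redirect_uris"] == [(f"{settings.issuer}/manage/callback", {})]` and `assert entry["client_secret"]`, so a wrong redirect URI or an empty secret is caught here rather than at the first management login.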