diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py
index c42225d0af..a0b9327e18 100644
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@@ -439,15 +439,14 @@ class TokenParams:
                 # (22 chars being the length of the "template")
                 username=f"ak-{self.provider.name[:150-22]}-client_credentials",
                 defaults={
-                    "attributes": {
-                        USER_ATTRIBUTE_GENERATED: True,
-                    },
                     "last_login": timezone.now(),
                     "name": f"Autogenerated user from application {app.name} (client credentials)",
                     "path": f"{USER_PATH_SYSTEM_PREFIX}/apps/{app.slug}",
                     "type": UserTypes.SERVICE_ACCOUNT,
                 },
             )
+            self.user.attributes[USER_ATTRIBUTE_GENERATED] = True
+            self.user.save()
         self.__check_policy_access(app, request)
 
         Event.new(
@@ -471,9 +470,6 @@ class TokenParams:
             self.user, created = User.objects.update_or_create(
                 username=f"{self.provider.name}-{token.get('sub')}",
                 defaults={
-                    "attributes": {
-                        USER_ATTRIBUTE_GENERATED: True,
-                    },
                     "last_login": timezone.now(),
                     "name": (
                         f"Autogenerated user from application {app.name} (client credentials JWT)"
@@ -482,6 +478,8 @@ class TokenParams:
                     "type": UserTypes.SERVICE_ACCOUNT,
                 },
             )
+            self.user.attributes[USER_ATTRIBUTE_GENERATED] = True
+            self.user.save()
             exp = token.get("exp")
             if created and exp:
                 self.user.attributes[USER_ATTRIBUTE_EXPIRES] = exp