diff --git a/modules/openiddict/app/OpenIddict.Demo.Client.Console/Program.cs b/modules/openiddict/app/OpenIddict.Demo.Client.Console/Program.cs
index 90ce819094..501cf0b543 100644
--- a/modules/openiddict/app/OpenIddict.Demo.Client.Console/Program.cs
+++ b/modules/openiddict/app/OpenIddict.Demo.Client.Console/Program.cs
@@ -147,3 +147,16 @@ Console.WriteLine("Access token: {0}", tokenResponse.AccessToken);
 Console.WriteLine();
 Console.WriteLine("Refresh token: {0}", tokenResponse.RefreshToken);
 Console.WriteLine();
+
+serverRequest = new HttpRequestMessage(HttpMethod.Get, api);
+serverRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokenResponse.AccessToken);
+
+serverResponse = await client.SendAsync(serverRequest);
+serverResponse.EnsureSuccessStatusCode();
+
+Console.WriteLine("ClientCredentials API response: {0}", JsonSerializer.Serialize(JsonDocument.Parse(await serverResponse.Content.ReadAsStringAsync()), new JsonSerializerOptions
+{
+ WriteIndented = true
+}));
+
+Console.WriteLine();
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs
index 58a2391456..8e103f92fa 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs
@@ -127,6 +127,8 @@ public class AbpOpenIddictAspNetCoreModule : AbpModule
 builder.AddEventHandler(AbpValidatePostLogoutRedirectUriParameter.Descriptor);
 }
+ builder.AddEventHandler(RemoveClaimsFromClientCredentialsGrantType.Descriptor);
+
 services.ExecutePreConfiguredActions(builder);
 });
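Review bot: `serverResponse.EnsureSuccessStatusCode()` runs before the body is read, so when the API rejects the client-credentials token — the case this block seems meant to exercise now that `sub` and `preferred_username` are stripped from it — the demo dies with a bare `HttpRequestException` and never shows the status or error payload. Read and print first, e.g. `var body = await serverResponse.Content.ReadAsStringAsync();` and `Console.WriteLine("Status: {0}", (int)serverResponse.StatusCode);`, and only then call `serverResponse.EnsureSuccessStatusCode();` and parse `body`. The `HttpRequestMessage` and `HttpResponseMessage` stored in the reused `serverRequest`/`serverResponse` locals are also never disposed; harmless in a console demo, but `using var` on fresh locals would match the usual pattern. The block is top-level statements whose surrounding program lies outside the hunk.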
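Review bot: `builder.AddEventHandler(RemoveClaimsFromClientCredentialsGrantType.Descriptor)` is registered unconditionally, unlike the `AbpValidatePostLogoutRedirectUriParameter` registration just above it, which sits inside an `if` whose condition is outside the hunk. Stripping `sub` from client-credentials access tokens is a behaviour change for every resource server that keys audit logs, rate limits or authorization decisions on that claim, so a host should be able to opt out; consider gating the line on a flag of whatever options object the preceding `if` uses, e.g. `if (options.RemoveClaimsFromClientCredentialsGrantType) { builder.AddEventHandler(RemoveClaimsFromClientCredentialsGrantType.Descriptor); }`, with a one-line comment stating why the claims are removed. The enclosing configure lambda and method start outside the hunk.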
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.ClientCredentials.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.ClientCredentials.cs
index 8e0b9b6576..4a853b2d9c 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.ClientCredentials.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.ClientCredentials.cs
@@ -28,6 +28,12 @@ public partial class TokenController
 TokenValidationParameters.DefaultAuthenticationType,
 OpenIddictConstants.Claims.PreferredUsername,
 OpenIddictConstants.Claims.Role);
+ // The Subject and PreferredUsername will be removed by .
+
+ // Use the client_id as the subject identifier.
+ identity.AddClaim(OpenIddictConstants.Claims.Subject, await ApplicationManager.GetClientIdAsync(application),
+ OpenIddictConstants.Destinations.AccessToken, OpenIddictConstants.Destinations.IdentityToken);
+
 identity.AddClaim(OpenIddictConstants.Claims.PreferredUsername, await ApplicationManager.GetDisplayNameAsync(application),
 OpenIddictConstants.Destinations.AccessToken, OpenIddictConstants.Destinations.IdentityToken);
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/RemoveClaimsFromClientCredentialsGrantType.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/RemoveClaimsFromClientCredentialsGrantType.cs
new file mode 100644
index 0000000000..8ac866283b
--- /dev/null
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/RemoveClaimsFromClientCredentialsGrantType.cs
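Review bot: The comment `// The Subject and PreferredUsername will be removed by .` names no handler (the reference may have been a `<see cref>` lost in rendering), so a reader sees `sub` being added with AccessToken and IdentityToken destinations and cannot tell it is deliberately stripped again downstream. If that is the intent, replace it with something like `// OpenIddict's sign-in validation requires a 'sub' claim; RemoveClaimsFromClientCredentialsGrantType removes 'sub' and 'preferred_username' again before the access token is built.` so the add-then-remove is understandable without reading the handler. As far as I can tell client_credentials never produces an id token, so the `Destinations.IdentityToken` on both claims is moot and could be dropped to avoid implying otherwise. The enclosing method starts and ends outside the hunk.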
@@ -0,0 +1,30 @@
+using System.Threading.Tasks;
+using OpenIddict.Abstractions;
+using OpenIddict.Server;
+
+namespace Volo.Abp.OpenIddict;
+
+public class RemoveClaimsFromClientCredentialsGrantType : IOpenIddictServerHandler
+{
+ public static OpenIddictServerHandlerDescriptor Descriptor { get; }
+ = OpenIddictServerHandlerDescriptor.CreateBuilder()
+ .AddFilter()
+ .UseSingletonHandler()
+ .SetOrder(OpenIddictServerHandlers.PrepareAccessTokenPrincipal.Descriptor.Order - 1)
+ .SetType(OpenIddictServerHandlerType.Custom)
+ .Build();
+
+ public ValueTask HandleAsync(OpenIddictServerEvents.ProcessSignInContext context)
+ {
+ if (context.Request.IsClientCredentialsGrantType())
+ {
+ if (context.Principal != null)
+ {
+ context.Principal.RemoveClaims(OpenIddictConstants.Claims.Subject);
+ context.Principal.RemoveClaims(OpenIddictConstants.Claims.PreferredUsername);
+ }
+ }
+
+ return default;
+ }
+}
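Review bot: Removing `sub` one step before `PrepareAccessTokenPrincipal` leaves the access-token principal with no subject at all, and unless I misread OpenIddict's sign-in pipeline the persisted token entry takes its `Subject` from that same principal, so client-credentials tokens would be stored without a subject and could no longer be found or revoked per client through the token manager; please verify that, and that a `client_id` claim still reaches the token so the caller stays identifiable to resource servers. The class and its `Descriptor` carry no documentation; a summary such as `/// Strips 'sub' and 'preferred_username' from client_credentials sign-ins so the client_id is not mistaken for a user id; runs just before the access-token principal is prepared.` would explain the otherwise surprising add-then-remove of `sub` split across the token controller and this handler. The `IOpenIddictServerHandler`, `CreateBuilder()`, `AddFilter()` and `UseSingletonHandler()` lines appear to have lost their generic type arguments in this rendering and would not compile as printed, so confirm the patch source has `IOpenIddictServerHandler<OpenIddictServerEvents.ProcessSignInContext>`, `CreateBuilder<OpenIddictServerEvents.ProcessSignInContext>()`, a grant-type filter such as `AddFilter<RequireClientCredentialsGrantType>()` and `UseSingletonHandler<RemoveClaimsFromClientCredentialsGrantType>()`. With such a filter in place the inner `IsClientCredentialsGrantType()` check is redundant but harmless as a belt-and-braces guard.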