diff --git a/packages/oidc-auth/src/index.ts b/packages/oidc-auth/src/index.ts
index 4975a008..8b13824b 100644
--- a/packages/oidc-auth/src/index.ts
+++ b/packages/oidc-auth/src/index.ts
@@ -113,6 +113,7 @@ const setOidcAuthEnv = (c: Context, config?: Partial) => {
 if (oidcAuthEnv.OIDC_CLIENT_SECRET === undefined) {
 throw new HTTPException(500, { message: 'OIDC client secret is not provided' })
 }
+ // Allow empty string as valid client secret
 oidcAuthEnv.OIDC_REDIRECT_URI = oidcAuthEnv.OIDC_REDIRECT_URI ?? defaultOidcRedirectUri
 if (!oidcAuthEnv.OIDC_REDIRECT_URI.startsWith('/')) {
 try {
@@ -167,11 +168,18 @@ export const getClient = (c: Context): oauth2.Client => {
 const env = getOidcAuthEnv(c)
 let client = c.get('oidcClient')
 if (client === undefined) {
- client = {
- client_id: env.OIDC_CLIENT_ID,
- client_secret: env.OIDC_CLIENT_SECRET,
- token_endpoint_auth_method: 'client_secret_basic',
- }
+ client =
+ env.OIDC_CLIENT_SECRET === ''
+ ? {
+ // No client secret provided, use 'none' auth method
+ client_id: env.OIDC_CLIENT_ID,
+ token_endpoint_auth_method: 'none',
+ }
+ : {
+ client_id: env.OIDC_CLIENT_ID,
+ client_secret: env.OIDC_CLIENT_SECRET,
+ token_endpoint_auth_method: 'client_secret_basic',
+ }
 c.set('oidcClient', client)
 }
 return client
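Review bot: In getClient, the new `env.OIDC_CLIENT_SECRET === ''` branch turns an empty secret into a public client (`token_endpoint_auth_method: 'none'`) with no explicit opt-in, so a deployment whose secret variable is injected empty by mistake now sends unauthenticated token requests instead of failing with the 500 that an unset secret still produces in setOidcAuthEnv. I would gate public-client mode on a separate, explicit configuration setting, or at least log once when this branch is taken so the downgrade is visible to operators. A public client also depends on PKCE to protect the authorization code; the hunk does not show whether the authorization request sends a code challenge, so that is worth confirming and stating in the comment, e.g. `// Public client: empty OIDC_CLIENT_SECRET is deliberate; token requests are unauthenticated and rely on PKCE`. getClient's closing brace is outside the hunk.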