diff --git a/server/handlers.go b/server/handlers.go
index a7a55aa2..e0eb4045 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -960,7 +960,7 @@ func (s *Server) withClientFromStorage(w http.ResponseWriter, r *http.Request, h
 return
 }
- if subtle.ConstantTimeCompare([]byte(client.Secret), []byte(clientSecret)) != 1 {
+ if !client.Public && subtle.ConstantTimeCompare([]byte(client.Secret), []byte(clientSecret)) != 1 {
 if clientSecret == "" {
 s.logger.InfoContext(r.Context(), "missing client_secret on token request", "client_id", client.ID)
 } else {
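Review bot: With `!client.Public &&` in front, the changed condition accepts any request that names a public client's ID, whatever `client_secret` it carries, and nothing in the hunk limits this to one grant type or requires PKCE. withClientFromStorage starts and ends outside the hunk, so it is not visible which handlers it wraps; if it covers more than the authorization-code exchange, those grants also lose client authentication for public clients. Please confirm that the code exchange for a public client rejects a request without a `code_verifier`. A public client that also has a non-empty `client.Secret` now has that secret ignored; if that is not intended, `if (!client.Public || client.Secret != "") && subtle.ConstantTimeCompare([]byte(client.Secret), []byte(clientSecret)) != 1 {` keeps it enforced. A comment above the condition such as `// Public clients are not authenticated here; they rely on PKCE at code exchange.` would record the intent.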