diff --git a/src/server/auth/router.test.ts b/src/server/auth/router.test.ts
index 2f020b728..ae280286b 100644
--- a/src/server/auth/router.test.ts
+++ b/src/server/auth/router.test.ts
@@ -213,7 +213,7 @@ describe('MCP Auth Router', () => {
             expect(response.body.response_types_supported).toEqual(['code']);
             expect(response.body.grant_types_supported).toEqual(['authorization_code', 'refresh_token']);
             expect(response.body.code_challenge_methods_supported).toEqual(['S256']);
-            expect(response.body.token_endpoint_auth_methods_supported).toEqual(['client_secret_post']);
+            expect(response.body.token_endpoint_auth_methods_supported).toEqual(['client_secret_post', 'none']);
             expect(response.body.revocation_endpoint_auth_methods_supported).toEqual(['client_secret_post']);
 
             // Verify optional fields
diff --git a/src/server/auth/router.ts b/src/server/auth/router.ts
index dc0a85a33..5229c4df8 100644
--- a/src/server/auth/router.ts
+++ b/src/server/auth/router.ts
@@ -92,7 +92,7 @@ export const createOAuthMetadata = (options: {
         code_challenge_methods_supported: ['S256'],
 
         token_endpoint: new URL(token_endpoint, baseUrl || issuer).href,
-        token_endpoint_auth_methods_supported: ['client_secret_post'],
+        token_endpoint_auth_methods_supported: ['client_secret_post', 'none'],
         grant_types_supported: ['authorization_code', 'refresh_token'],
 
         scopes_supported: options.scopesSupported,