diff --git a/docs/toolhive/reference/cli/thv_run.md b/docs/toolhive/reference/cli/thv_run.md
index a714977..84c1004 100644
--- a/docs/toolhive/reference/cli/thv_run.md
+++ b/docs/toolhive/reference/cli/thv_run.md
@@ -110,6 +110,7 @@ thv run [flags] SERVER_OR_IMAGE_OR_PROTOCOL [-- ARGS...]
       --oidc-audience string                       Expected audience for the token
       --oidc-client-id string                      OIDC client ID
       --oidc-client-secret string                  OIDC client secret (optional, for introspection)
+      --oidc-insecure-allow-http                   Allow HTTP (non-HTTPS) OIDC issuers for local development/testing (WARNING: Insecure!)
       --oidc-introspection-url string              URL for token introspection endpoint
       --oidc-issuer string                         OIDC issuer URL (e.g., https://accounts.google.com)
       --oidc-jwks-url string                       URL to fetch the JWKS from
diff --git a/static/api-specs/toolhive-api.yaml b/static/api-specs/toolhive-api.yaml
index 1d7a4ab..3e07926 100644
--- a/static/api-specs/toolhive-api.yaml
+++ b/static/api-specs/toolhive-api.yaml
@@ -61,6 +61,11 @@ components:
         clientSecret:
           description: ClientSecret is the optional OIDC client secret for introspection
           type: string
+        insecureAllowHTTP:
+          description: |-
+            InsecureAllowHTTP allows HTTP (non-HTTPS) OIDC issuers for development/testing
+            WARNING: This is insecure and should NEVER be used in production
+          type: boolean
         introspectionURL:
           description: IntrospectionURL is the optional introspection endpoint for
             validating tokens