diff --git a/app/models/api/openid_connect/o_auth_application.rb b/app/models/api/openid_connect/o_auth_application.rb
index d29856601..8d4005c39 100644
--- a/app/models/api/openid_connect/o_auth_application.rb
+++ b/app/models/api/openid_connect/o_auth_application.rb
@@ -46,7 +46,8 @@ module Api
       def as_json(opts={})
         data = super
-        data[:client_secret_expires_at] = 0
+        data["client_secret_expires_at"] = 0
+        data["token_endpoint_auth_method"] ||= "client_secret_post"
         data
       end
diff --git a/spec/controllers/api/openid_connect/clients_controller_spec.rb b/spec/controllers/api/openid_connect/clients_controller_spec.rb
index 63beab027..ce51fee21 100644
--- a/spec/controllers/api/openid_connect/clients_controller_spec.rb
+++ b/spec/controllers/api/openid_connect/clients_controller_spec.rb
@@ -3,7 +3,7 @@
 describe Api::OpenidConnect::ClientsController, type: :controller, suppress_csrf_verification: :none do
   describe "#create" do
     context "when valid parameters are passed" do
-      it "should return a client id" do
+      before do
         stub_request(:get, "http://example.com/uris")
           .with(headers: {
                   "Accept" => "*/*",
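Review bot: The `||=` on the added `data["token_endpoint_auth_method"]` line only defaults the serialized representation — whether the persisted record still holds nil, and which method the token endpoint actually enforces for such a client, is not visible here, so the registration response may advertise `client_secret_post` for a client the server treats differently. If `token_endpoint_auth_method` is a column, defaulting it once at registration (e.g. `before_validation { self.token_endpoint_auth_method ||= "client_secret_post" }`) keeps the response and the enforcement in agreement; note also that OpenID Connect Dynamic Client Registration names `client_secret_basic` as the default when the parameter is omitted, so the choice of `client_secret_post` should be documented where it is set. The hard-coded 0 on the line above deserves a comment, e.g. `# 0 = the client secret never expires (RFC 7591 client_secret_expires_at)`. The enclosing class starts outside the hunk.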
@@ -15,15 +15,27 @@ describe Api::OpenidConnect::ClientsController, type: :controller, suppress_csrf
                    response_types: [], grant_types: [], application_type: "web", contacts: [], logo_uri: "http://example.com/logo.png", client_uri: "http://example.com/client", policy_uri: "http://example.com/policy", tos_uri: "http://example.com/tos",
-                   sector_identifier_uri: "http://example.com/uris", subject_type: "pairwise"}
+                   sector_identifier_uri: "http://example.com/uris", subject_type: "pairwise"}
       end
+
+      it "should return a client id" do
         client_json = JSON.parse(response.body)
         expect(client_json["client_id"].length).to eq(32)
         expect(client_json["ppid"]).to eq(true)
       end
+
+      it "should return a client secret expiration time" do
+        client_json = JSON.parse(response.body)
+        expect(client_json["client_secret_expires_at"]).to eq(0)
+      end
+
+      it "should return a default token endpoint authentication method" do
+        client_json = JSON.parse(response.body)
+        expect(client_json["token_endpoint_auth_method"]).to eq("client_secret_post")
+      end
     end
     context "when valid parameters with jwks is passed" do
-      it "should return a client id" do
+      before do
         stub_request(:get, "http://example.com/uris")
           .with(headers: {
                   "Accept" => "*/*",
@@ -77,10 +89,18 @@ describe Api::OpenidConnect::ClientsController, type: :controller, suppress_csrf
                 }
               ]
             }}
+      end
+
+      it "should return a client id" do
         client_json = JSON.parse(response.body)
         expect(client_json["client_id"].length).to eq(32)
         expect(client_json["ppid"]).to eq(true)
       end
+
+      it "should retain the token endpoint authentication method" do
+        client_json = JSON.parse(response.body)
+        expect(client_json["token_endpoint_auth_method"]).to eq("private_key_jwt")
+      end
     end
     context "when valid parameters with jwks_uri is passed" do
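Review bot: The example `it "should return a client secret expiration time"` asserts `eq(0)`, which in RFC 7591 terms means the secret never expires, so the description states the opposite of what is checked; `it "should report that the client secret does not expire"` would match the assertion. The `-`/`+` pair on the `sector_identifier_uri:` line is identical in content as shown here, so that part of the change appears to be whitespace-only — worth confirming it was intended. The three examples in this context all depend on the `post :create` issued from the `before` block, whose start lies above the hunk, and the same `it`-to-`before` restructuring is applied in the `@@ -3,7` hunk of this file.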
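Review bot: `it "should retain the token endpoint authentication method"` only covers a registration that explicitly sends `private_key_jwt` (presumably in the request body above the hunk); there is no example for a registration that supplies `jwks` but omits the method, where the model's new `||= "client_secret_post"` default would advertise a shared-secret method for a client that registered a public key. A sibling `context "when jwks is passed without token_endpoint_auth_method"` asserting the expected method would pin that behaviour either way. The `before` block these examples rely on starts above the hunk.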