diff --git a/app/src/main/java/org/linphone/ui/main/sso/viewmodel/SingleSignOnViewModel.kt b/app/src/main/java/org/linphone/ui/main/sso/viewmodel/SingleSignOnViewModel.kt
index 554fb2f7f..5b84a2655 100644
--- a/app/src/main/java/org/linphone/ui/main/sso/viewmodel/SingleSignOnViewModel.kt
+++ b/app/src/main/java/org/linphone/ui/main/sso/viewmodel/SingleSignOnViewModel.kt
@@ -21,6 +21,7 @@ package org.linphone.ui.main.sso.viewmodel
 import android.content.Intent
 import androidx.annotation.UiThread
+import androidx.core.net.toUri
 import androidx.lifecycle.MutableLiveData
 import androidx.lifecycle.viewModelScope
 import java.io.File
@@ -31,6 +32,9 @@ import net.openid.appauth.AuthorizationRequest
 import net.openid.appauth.AuthorizationResponse
 import net.openid.appauth.AuthorizationService
 import net.openid.appauth.AuthorizationServiceConfiguration
+import net.openid.appauth.ClientAuthentication
+import net.openid.appauth.ClientSecretBasic
+import net.openid.appauth.NoClientAuthentication
 import net.openid.appauth.ResponseTypeValues
 import org.json.JSONObject
 import org.linphone.LinphoneApplication.Companion.coreContext
@@ -42,7 +46,6 @@ import org.linphone.ui.GenericViewModel
 import org.linphone.utils.Event
 import org.linphone.utils.FileUtils
 import org.linphone.utils.TimestampUtils
-import androidx.core.net.toUri
 class SingleSignOnViewModel
 @UiThread
@@ -66,6 +69,7 @@ class SingleSignOnViewModel
 }
 private var clientId: String
+ private var clientSecret: String? = null
 private val redirectUri: String
 private var singleSignOnUrl = ""
@@ -91,6 +95,20 @@ class SingleSignOnViewModel
 singleSignOnUrl = ssoUrl
 username = user
+ coreContext.postOnCoreThread { core ->
+ for (authInfo in core.authInfoList) {
+ if (authInfo.clientId == clientId) {
+ Log.i("$TAG Found matching auth info for issuer [$clientId]")
+ val secret = authInfo.clientSecret
+ if (!secret.isNullOrEmpty()) {
+ Log.i("$TAG A client secret has been found in AuthInfo")
+ clientSecret = secret
+ }
+ break
+ }
+ }
+ }
+
 try {
 val parsedUrl = ssoUrl.toUri()
 val urlClientId = parsedUrl.getQueryParameter("client_id")
@@ -130,6 +148,17 @@ class SingleSignOnViewModel
 }
 }
+ @UiThread
+ private fun getClientAuthentication(): ClientAuthentication {
+ return if (clientSecret != null) {
+ Log.i("$TAG Using ClientSecretBasic authentication")
+ ClientSecretBasic(clientSecret!!)
+ } else {
+ Log.i("$TAG Using NoClientAuthentication")
+ NoClientAuthentication.INSTANCE
+ }
+ }
+
 @UiThread
 private fun singleSignOn() {
 Log.i("$TAG Fetch from issuer [$singleSignOnUrl]")
@@ -197,7 +226,8 @@ class SingleSignOnViewModel
 Log.i("$TAG Starting refresh token request")
 try {
 authService.performTokenRequest(
- authState.createTokenRefreshRequest()
+ authState.createTokenRefreshRequest(),
+ getClientAuthentication()
 ) { resp, ex ->
 if (resp != null) {
 Log.i("$TAG Token refresh succeeded!")
@@ -243,7 +273,8 @@ class SingleSignOnViewModel
 if (::authService.isInitialized) {
 Log.i("$TAG Starting perform token request")
 authService.performTokenRequest(
- response.createTokenExchangeRequest()
+ response.createTokenExchangeRequest(),
+ getClientAuthentication()
 ) { resp, ex ->
 if (resp != null) {
 Log.i("$TAG Token exchange succeeded!")
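Review bot: In the hunk at `@@ -91,6 +95,20 @@`, the secret is chosen by `authInfo.clientId == clientId` alone, so a secret stored for one authorization server would also be attached to token requests for any other `ssoUrl` that uses the same client id; accept it only when the AuthInfo also belongs to the server behind `ssoUrl`. The lookup is posted to the core thread before the `client_id` query parameter is read in the `try` block below, so it may compare against the default `clientId` or the one from the URL depending on timing (the rest of that block is outside the hunk). Nothing in this commit resets the field, so add `clientSecret = null` before the `postOnCoreThread` call in case the method runs again on the same view model. The log line prints the client id under the label `issuer`; `Found matching auth info for client ID [$clientId]` would be accurate. The enclosing function starts and ends outside the hunk.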
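Review bot: `getClientAuthentication()` in the hunk at `@@ -130,6 +148,17 @@` is `@UiThread` but reads `clientSecret` twice (`!= null`, then `!!`) while the field is assigned on the core thread by the lookup added earlier in this commit, with no `@Volatile` or lock on the declaration. A token request that starts before that lambda has run falls back to `NoClientAuthentication` without any warning, which would look like an unexplained token-endpoint rejection for a client that requires its secret. Read the field once, `val secret = clientSecret`, branch on `secret`, and declare it `@Volatile private var clientSecret: String? = null`; a short KDoc stating that the secret comes from the matching AuthInfo and is sent as HTTP Basic credentials to the token endpoint would help the next reviewer.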