diff --git a/src/controllers/openid_controller.rs b/src/controllers/openid_controller.rs
index f464283..b3e0c1f 100644
--- a/src/controllers/openid_controller.rs
+++ b/src/controllers/openid_controller.rs
@@ -369,9 +369,7 @@ pub async fn token(
 let (client_id, client_secret) =
 match (&query.client_id, &query.client_secret, authorization_header) {
 // post authentication
- (Some(client_id), Some(client_secret), None) => {
- (client_id.clone(), client_secret.to_string())
- }
+ (Some(client_id), client_secret, None) => (client_id.clone(), client_secret.clone()),
 
 // Basic authentication
 (_, None, Some(v)) => {
@@ -402,8 +400,8 @@ pub async fn token(
 .to_string();
 
 match decode.split_once(':') {
- None => (ClientID(decode), "".to_string()),
- Some((id, secret)) => (ClientID(id.to_string()), secret.to_string()),
+ None => (ClientID(decode), None),
+ Some((id, secret)) => (ClientID(id.to_string()), Some(secret.to_string())),
 }
 }
 
@@ -421,7 +419,7 @@ pub async fn token(
 .ok_or_else(|| ErrorUnauthorized("Client not found"))?;
 
 // Retrieving token requires the client to have a defined secret
- if client.secret != Some(client_secret) {
+ if client.secret != client_secret {
 return Ok(error_response(
 &query,
 "invalid_request",
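Review bot: With `client_secret` now an `Option`, the check `client.secret != client_secret` in the third hunk passes when both sides are `None`, so a client stored without a secret is accepted when the request carries only a `client_id` (the post arm in the first hunk) or a Basic credential without a colon (second hunk). That contradicts the retained comment "Retrieving token requires the client to have a defined secret". If secret-less clients are not meant to use this endpoint, keep the invariant explicit with `if client.secret.is_none() || client.secret != client_secret {`. If public clients are intended, the comment should be updated, and it is worth confirming that the rest of `token`, which lies outside these hunks, binds the grant some other way such as a PKCE verifier.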
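Review bot: In the second hunk a Basic credential of the form `id:` decodes to `Some("")` while `id` with no colon decodes to `None`, so the two spellings of "no secret supplied" are treated differently by the later `client.secret != client_secret` comparison. Normalising the empty case keeps them consistent and ensures an empty string never counts as a presented secret: `Some((id, secret)) => (ClientID(id.to_string()), (!secret.is_empty()).then(|| secret.to_string())),`. A one-line comment on the `None` arm saying that a missing colon means no secret was sent would also help. The surrounding match arm starts and ends outside the hunk.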
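Review bot: The secret check in the third hunk, `client.secret != client_secret`, uses ordinary `Option<String>` equality, which is not constant-time and may return early on the first difference, so response timing can hint at how much of a presented secret matched. Comparing the secret bytes with a constant-time equality routine (for example `ConstantTimeEq` from the `subtle` crate, if adding that dependency is acceptable) removes that signal. The direct comparison also suggests the client secret is stored in plaintext; if that is the case, storing a hash would be worth a follow-up. The enclosing `token` function continues past the end of the hunk.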