diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/ClientDetailsAuthenticationProvider.java b/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/ClientDetailsAuthenticationProvider.java index 76d8c905b30..aff6c7aa31a 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/ClientDetailsAuthenticationProvider.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/ClientDetailsAuthenticationProvider.java @@ -87,7 +87,9 @@ protected void additionalAuthenticationChecks(UserDetails userDetails, UsernameP } private static void setAuthenticationMethodNone(AbstractAuthenticationToken authentication) { - ((UaaAuthenticationDetails) authentication.getDetails()).setAuthenticationMethod(CLIENT_AUTH_NONE); + if (authentication.getDetails() instanceof UaaAuthenticationDetails) { + ((UaaAuthenticationDetails) authentication.getDetails()).setAuthenticationMethod(CLIENT_AUTH_NONE); + } } private boolean isPublicGrantTypeUsageAllowed(Object uaaAuthenticationDetails) { diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/BackwardsCompatibleTokenEndpointAuthenticationFilterTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/BackwardsCompatibleTokenEndpointAuthenticationFilterTest.java index dba3b19dd47..f7ebc95fb99 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/BackwardsCompatibleTokenEndpointAuthenticationFilterTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/BackwardsCompatibleTokenEndpointAuthenticationFilterTest.java 
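Review bot: The `instanceof` guard in `setAuthenticationMethodNone` turns the former ClassCastException into a silent no-op, so when the token's details are not a `UaaAuthenticationDetails` the `CLIENT_AUTH_NONE` marker is simply never recorded and nothing reports that it was skipped. Whether a missing marker is later read as "client presented credentials" cannot be seen from this hunk, but the `UaaAuthorizationRequestManagerTests` hunk in this same commit reads `client_auth_method` from the request extensions, so a dropped marker is at least a silent divergence that a maintainer should be able to diagnose. I would fetch the details once and make the fall-through explicit: `Object details = authentication.getDetails();` / `if (details instanceof UaaAuthenticationDetails) { ((UaaAuthenticationDetails) details).setAuthenticationMethod(CLIENT_AUTH_NONE); }` / `// else: details absent or of another type; the "none" marker is deliberately not recorded` — and, if the class has a logger, a debug line in the else branch. `CLIENT_AUTH_NONE` and the caller of this helper are outside the hunk, so I cannot confirm which authentication types reach it without details.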
@@ -31,6 +31,7 @@ import org.springframework.security.authentication.InsufficientAuthenticationException; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.OAuth2RequestFactory; import org.springframework.security.saml.SAMLProcessingFilter; import org.springframework.security.web.AuthenticationEntryPoint; @@ -48,6 +49,7 @@ import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyMap; import static org.mockito.ArgumentMatchers.same; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.spy; 
@@ -124,9 +126,19 @@ public void attempt_password_authentication() throws Exception { request.addParameter(GRANT_TYPE, "password"); request.addParameter("username", "marissa"); request.addParameter("password", "koala"); + when(passwordAuthManager.authenticate(any())).thenReturn(mock(UaaAuthentication.class)); + UaaAuthentication clientAuthentication = mock(UaaAuthentication.class); + UaaAuthenticationDetails uaaAuthenticationDetails = mock(UaaAuthenticationDetails.class); + AuthorizationRequest authorizationRequest = mock(AuthorizationRequest.class); + when(clientAuthentication.getDetails()).thenReturn(uaaAuthenticationDetails); + when(clientAuthentication.isAuthenticated()).thenReturn(true); + when((uaaAuthenticationDetails.getAuthenticationMethod())).thenReturn("none"); + when(requestFactory.createAuthorizationRequest(anyMap())).thenReturn(authorizationRequest); + SecurityContextHolder.getContext().setAuthentication(clientAuthentication); filter.doFilter(request, response, chain); verify(filter, times(1)).attemptTokenAuthentication(same(request), same(response)); verify(passwordAuthManager, times(1)).authenticate(any()); + verify(authorizationRequest, times(1)).getExtensions(); verifyNoInteractions(samlAuthFilter); verifyNoInteractions(externalOAuthAuthenticationManager); } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/UaaClientAuthenticationProviderTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/UaaClientAuthenticationProviderTest.java index fc14b22c74a..930acbf72a5 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/UaaClientAuthenticationProviderTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/UaaClientAuthenticationProviderTest.java 
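Review bot: `verify(authorizationRequest, times(1)).getExtensions()` only proves the filter touched the extensions map; `authorizationRequest` is a plain Mockito mock, so `getExtensions()` returns a throwaway default map and whatever the filter stores there is never checked — a regression that writes the wrong key or value still passes. Back the mock with a real map and assert on it: `Map<String, String> extensions = new HashMap<>(); when(authorizationRequest.getExtensions()).thenReturn(extensions);` before `doFilter`, then `assertEquals("none", extensions.get("client_auth_method"));` after it — the key is presumably `client_auth_method`, as the `UaaAuthorizationRequestManagerTests` hunk of this commit uses it; confirm against the filter. The test also installs `clientAuthentication` in `SecurityContextHolder` with no visible `clearContext()`; unless a teardown outside this hunk does that, the mock leaks into later tests on the same thread. `attempt_password_authentication` starts before this hunk.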
@@ -118,6 +118,18 @@ void provider_authenticate_client_without_password_public_string() { assertNotNull(a); } + @Test + void provider_authenticate_client_with_empty_password_public_string() { + BaseClientDetails clientDetails = new BaseClientDetails(generator.generate(), "", "", "password", "uaa.resource"); + clientDetails.setClientSecret(""); + jdbcClientDetailsService.addClientDetails(clientDetails); + client = clientDetails; + UsernamePasswordAuthenticationToken a = getAuthenticationToken("password"); + when(a.getCredentials()).thenReturn(""); + authenticationProvider.additionalAuthenticationChecks(new UaaClient("cf", passwordEncoder.encode(""), Collections.emptyList(), client.getAdditionalInformation()), a); + assertNotNull(a); + } + @Test void provider_refresh_client_without_password_public_boolean() { client = createClient(ClientConstants.ALLOW_PUBLIC, true); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManagerTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManagerTests.java index 51ef865cae9..5a8b76c69ed 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManagerTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManagerTests.java @@ -24,6 +24,7 @@ import org.springframework.security.oauth2.common.exceptions.UnauthorizedClientException; import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.security.oauth2.provider.AuthorizationRequest; +import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.util.ReflectionTestUtils; 
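Review bot: `assertNotNull(a)` in the new `provider_authenticate_client_with_empty_password_public_string` is vacuous — `a` is the token obtained from `getAuthenticationToken` before the call under test and cannot become null — so the test really only checks that `additionalAuthenticationChecks` does not throw, without saying so. State that intent explicitly, e.g. `assertDoesNotThrow(() -> authenticationProvider.additionalAuthenticationChecks(new UaaClient("cf", passwordEncoder.encode(""), Collections.emptyList(), client.getAdditionalInformation()), a));` (JUnit 5 `Assertions.assertDoesNotThrow`, assuming the class is on Jupiter as the `@Test void` style suggests). Because this test codifies a security-relevant contract — a client registered with an empty secret is accepted when the request also presents an empty secret — a one-line comment above the method would help the next reader, e.g. `// regression test: an empty stored client secret must still be accepted against an empty presented secret`. Whether such a client should additionally be marked with the "none" authentication method is not visible here; if it should, asserting on the token's details would make the test much stronger.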
@@ -134,8 +135,13 @@ void testTokenRequestIncludesResourceIds() { @Test void test_user_token_request() { + OAuth2Authentication oAuth2Authentication = mock(OAuth2Authentication.class); + OAuth2Request oAuth2Request = mock(OAuth2Request.class); when(mockSecurityContextAccessor.isUser()).thenReturn(true); when(mockSecurityContextAccessor.getAuthorities()).thenReturn((Collection)AuthorityUtils.commaSeparatedStringToAuthorityList("uaa.user,requested.scope")); + when(oAuth2Authentication.getOAuth2Request()).thenReturn(oAuth2Request); + when(oAuth2Request.getExtensions()).thenReturn(Map.of("client_auth_method", "none")); + SecurityContextHolder.getContext().setAuthentication(oAuth2Authentication); BaseClientDetails recipient = new BaseClientDetails("recipient", "requested", "requested.scope", "password", ""); parameters.put("scope", "requested.scope"); parameters.put("client_id", recipient.getClientId());
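Review bot: `SecurityContextHolder.getContext().setAuthentication(oAuth2Authentication)` puts a mock into thread-local state and nothing in the hunk removes it; unless an `@AfterEach` outside this hunk calls `SecurityContextHolder.clearContext()`, the stubbed `client_auth_method=none` extension bleeds into every later test on the same thread and can mask or cause unrelated failures. Add a teardown that clears the context, or wrap the body in `try { ... } finally { SecurityContextHolder.clearContext(); }`. Also, `getExtensions()` is stubbed with `Map.of(...)`, which is immutable; that is fine while the request manager only reads the map, but if it ever adds an extension the test will die with `UnsupportedOperationException` instead of a meaningful assertion — `new HashMap<>(Map.of("client_auth_method", "none"))` avoids that. If the project already defines a constant for the `client_auth_method` key, referencing it here keeps the test from silently diverging from production code. `test_user_token_request` continues past the end of this hunk.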