diff --git a/server/handlers.go b/server/handlers.go
index dc80f6c828..add2031ccc 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -759,11 +759,12 @@ func (s *Server) handleToken(w http.ResponseWriter, r *http.Request) {
 }
 return
 }
- if clientSecret == "" && client.Secret != "" && r.PostFormValue("code_verifier") != "" {
- s.logger.Infof("detected PKCE token request without client_secret on client %s. "+
- "Set the client to be pubic without client_secret, if you want to allow this.", client.ID)
- }
 if client.Secret != clientSecret {
+ if clientSecret == "" {
+ s.logger.Infof("missing client_secret on token request for client: %s", client.ID)
+ } else {
+ s.logger.Infof("invalid client_secret on token request for client: %s", client.ID)
+ }
 s.tokenErrHelper(w, errInvalidClient, "Invalid client credentials.", http.StatusUnauthorized)
 return
 }
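Review bot: The guard `if client.Secret != clientSecret {` that the new logging sits under is an ordinary string comparison, which may return as soon as the first differing byte is found, so the time to reject a request can depend on how much of the submitted secret matches. Since this branch is the client-authentication decision, a constant-time check is the safer form: `if subtle.ConstantTimeCompare([]byte(client.Secret), []byte(clientSecret)) != 1 {`, which still accepts the case where both values are empty. That needs `crypto/subtle` in the file's import block, which is not visible in this hunk. The two new log lines record only `client.ID` and never the submitted secret, and the HTTP response stays identical for the missing and invalid cases, both of which are worth keeping. handleToken starts and ends outside the hunk.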