diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/dynreg.js b/openid-connect-server-webapp/src/main/webapp/resources/js/dynreg.js
index 3f9fe6d5e..66d57793b 100644
--- a/openid-connect-server-webapp/src/main/webapp/resources/js/dynreg.js
+++ b/openid-connect-server-webapp/src/main/webapp/resources/js/dynreg.js
@@ -341,7 +341,7 @@ var DynRegEditView = Backbone.View.extend({
             logo_uri:$('#logoUri input').val(),
             grant_types: grantTypes,
             scope: scopes,
-            
+            client_secret: null, // never send a client secret
             tos_uri: $('#tosUri input').val(),
             policy_uri: $('#policyUri input').val(),
             client_uri: $('#clientUri input').val(),
diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/rsreg.js b/openid-connect-server-webapp/src/main/webapp/resources/js/rsreg.js
index f99a16051..9c327a42f 100644
--- a/openid-connect-server-webapp/src/main/webapp/resources/js/rsreg.js
+++ b/openid-connect-server-webapp/src/main/webapp/resources/js/rsreg.js
@@ -302,7 +302,7 @@ var ResRegEditView = Backbone.View.extend({
             client_name:$('#clientName input').val(),
             logo_uri:$('#logoUri input').val(),
             scope: scopes,
-            
+            client_secret: null, // never send a client secret
             tos_uri: $('#tosUri input').val(),
             policy_uri: $('#policyUri input').val(),
             client_uri: $('#clientUri input').val(),
diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html b/openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html
index 504c1cd05..633b9ac36 100644
--- a/openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html
+++ b/openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html
@@ -67,8 +67,8 @@
 			<div class="control-group">
 				<div class="controls">
 					<div class="alert alert-error">
-						<strong>Warning!</strong> You MUST protect your Client ID, Client Secret, and your Registration Access Token. If
-						you lose your Client ID or Registration Access Token, you will no longer have access to your client's registration
+						<strong>Warning!</strong> You MUST protect your <b>Client ID</b>, <b>Client Secret (if provided)</b>, and your <b>Registration Access Token</b>. 
+						If you lose your Client ID or Registration Access Token, you will no longer have access to your client's registration
 						records and you will need to register a new client.
 					</div>
 				</div>
@@ -87,7 +87,21 @@
 				<label class="control-label">Client Secret</label>
     	        <div class="control-group">
             	    <div class="controls">
-						<pre><%=client.client_id ? (client.client_secret ? client.client_secret : 'None (public client)') : 'Will be generated'%></pre>
+						<% if (client.client_id) { %>
+							<% if (client.client_secret) { %>
+								<pre><%= client.client_secret %></pre>
+							<% } else { %>
+								<% if (client.token_endpoint_auth_method == 'none') { %>
+									<pre>None (public client)</pre>
+								<% } else if (client.token_endpoint_auth_method == 'private_key_jwt') { %>
+									<pre>None (private key authentication)</pre>
+								<% } else { %>
+									<p class="text-error"><b>Unknown error:</b> no client secret and unknown auth method.</p>
+								<% } %>
+							<% } %>
+						<% } else { %>
+							<pre>Will be generated</pre>
+						<% } %>
 	                </div>
     	        </div>
 
diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/rsreg.html b/openid-connect-server-webapp/src/main/webapp/resources/template/rsreg.html
index 7436c4f8e..3aa65b7cf 100644
--- a/openid-connect-server-webapp/src/main/webapp/resources/template/rsreg.html
+++ b/openid-connect-server-webapp/src/main/webapp/resources/template/rsreg.html
@@ -65,9 +65,9 @@
 			<div class="control-group">
 				<div class="controls">
 					<div class="alert alert-error">
-						<strong>Warning!</strong> You MUST protect your resource ID, Secret, and your Registration Access Token. If
-						you lose your ID or Registration Access Token, you will no longer have access to your resource's registration
-						records and you will need to register a new resource.
+						<strong>Warning!</strong> You MUST protect your <b>Client ID</b>, <b>Client Secret (if provided)</b>, and your <b>Registration Access Token</b>. 
+						If you lose your Client ID or Registration Access Token, you will no longer have access to your client's registration
+						records and you will need to register a new client.
 					</div>
 				</div>
 
@@ -85,7 +85,21 @@
 				<label class="control-label">Client Secret</label>
     	        <div class="control-group">
             	    <div class="controls">
-						<pre><%=client.client_id ? (client.client_secret ? client.client_secret : 'None (public client)') : 'Will be generated'%></pre>
+						<% if (client.client_id) { %>
+							<% if (client.client_secret) { %>
+								<pre><%= client.client_secret %></pre>
+							<% } else { %>
+								<% if (client.token_endpoint_auth_method == 'none') { %>
+									<pre>None (public client)</pre>
+								<% } else if (client.token_endpoint_auth_method == 'private_key_jwt') { %>
+									<pre>None (private key authentication)</pre>
+								<% } else { %>
+									<p class="text-error"><b>Unknown error:</b> no client secret and unknown auth method.</p>
+								<% } %>
+							<% } %>
+						<% } else { %>
+							<pre>Will be generated</pre>
+						<% } %>
 	                </div>
     	        </div>