diff --git a/apps/authentication/backends/oidc/backends.py b/apps/authentication/backends/oidc/backends.py
index d1d7bd48c..450de565c 100644
--- a/apps/authentication/backends/oidc/backends.py
+++ b/apps/authentication/backends/oidc/backends.py
@@ -103,9 +103,23 @@ class OIDCAuthCodeBackend(OIDCBaseBackend):
         # Prepares the token payload that will be used to request an authentication token to the
         # token endpoint of the OIDC provider.
         logger.debug(log_prompt.format('Prepares token payload'))
+
+        """ The reason for need not client_id and client_secret in token_payload.
+
+        OIDC protocol indicate client's token_endpoint_auth_method only accept one type in
+            - client_secret_basic
+            - client_secret_post
+            - client_secret_jwt
+            - private_key_jwt
+            - none
+        If the client offer more than one auth method type to OIDC, OIDC will auth client failed.
+        OIDC default use client_secret_basic, this type only need in headers add Authorization=Basic xxx.
+        More info see: https://github.com/jumpserver/jumpserver/issues/8165
+
+        """
         token_payload = {
-            'client_id': settings.AUTH_OPENID_CLIENT_ID,
-            'client_secret': settings.AUTH_OPENID_CLIENT_SECRET,
+            # 'client_id': settings.AUTH_OPENID_CLIENT_ID,
+            # 'client_secret': settings.AUTH_OPENID_CLIENT_SECRET,
             'grant_type': 'authorization_code',
             'code': code,
             'redirect_uri': build_absolute_uri(