diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/BackwardsCompatibleTokenEndpointAuthenticationFilter.java b/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/BackwardsCompatibleTokenEndpointAuthenticationFilter.java
index 92b11c32bd2..7fa0b590864 100644
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/BackwardsCompatibleTokenEndpointAuthenticationFilter.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/BackwardsCompatibleTokenEndpointAuthenticationFilter.java
@@ -132,7 +132,12 @@ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                 if (clientAuth.isAuthenticated()) {
                     // Ensure the OAuth2Authentication is authenticated
                     authorizationRequest.setApproved(true);
-                    String clientAuthentication = UaaSecurityContextUtils.getClientAuthenticationMethod(clientAuth);
+                    String clientAuthentication = null;
+                    if (clientAuth instanceof OAuth2Authentication) {
+                        clientAuthentication = UaaSecurityContextUtils.getClientAuthenticationMethod(clientAuth);
+                    } else if (clientAuth.getDetails() instanceof UaaAuthenticationDetails) {
+                        clientAuthentication = ((UaaAuthenticationDetails) clientAuth.getDetails()).getAuthenticationMethod();
+                    }
                     if (clientAuthentication != null) {
                         authorizationRequest.getExtensions().put(ClaimConstants.CLIENT_AUTH_METHOD, clientAuthentication);
                     }