diff --git a/src/mcp/server/auth/routes.py b/src/mcp/server/auth/routes.py
index 71a9c8b16..8d5a907e8 100644
--- a/src/mcp/server/auth/routes.py
+++ b/src/mcp/server/auth/routes.py
@@ -165,7 +165,7 @@ def build_metadata(
 response_types_supported=["code"],
 response_modes_supported=None,
 grant_types_supported=["authorization_code", "refresh_token"],
- token_endpoint_auth_methods_supported=["client_secret_post", "client_secret_basic"],
+ token_endpoint_auth_methods_supported=["client_secret_post", "client_secret_basic", "none"],
 token_endpoint_auth_signing_alg_values_supported=None,
 service_documentation=service_documentation_url,
 ui_locales_supported=None,
@@ -182,7 +182,7 @@ def build_metadata(
 # Add revocation endpoint if supported
 if revocation_options.enabled: # pragma: no branch
 metadata.revocation_endpoint = AnyHttpUrl(str(issuer_url).rstrip("/") + REVOCATION_PATH)
- metadata.revocation_endpoint_auth_methods_supported = ["client_secret_post", "client_secret_basic"]
+ metadata.revocation_endpoint_auth_methods_supported = ["client_secret_post", "client_secret_basic", "none"]
 return metadata
diff --git a/tests/client/test_auth.py b/tests/client/test_auth.py
index 5f8bc1410..58a9e4da9 100644
--- a/tests/client/test_auth.py
+++ b/tests/client/test_auth.py
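Review bot: In the first hunk of `build_metadata` (src/mcp/server/auth/routes.py), adding `"none"` to `token_endpoint_auth_methods_supported` advertises that public clients may use the token endpoint without a secret, but nothing in this diff shows the token handler enforcing the matching rules. The handler is not visible here, so confirm that a client registered with `client_secret_post` or `client_secret_basic` is rejected when it omits its secret, and that PKCE (`S256` is the only advertised challenge method) is mandatory for clients registered as `none`. A comment above the list would record the contract, for example `# "none" = public clients (no secret); the token handler must require PKCE for them and must not let confidential clients skip authentication`. The body of `build_metadata` starts and ends outside this hunk.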
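Review bot: In the second hunk of `build_metadata`, the `if revocation_options.enabled:` branch now advertises `"none"` for the revocation endpoint as well, so the revocation handler (not shown in this diff) has to tie each request to the presenting `client_id` on its own. RFC 7009 expects the server to verify that the token was issued to the client requesting revocation, and for a public client that is the only check left. The same three-element list is also written out twice in this function; a module-level constant, for example `SUPPORTED_CLIENT_AUTH_METHODS = ("client_secret_post", "client_secret_basic", "none")`, copied with `list(...)` at each use, would keep the two endpoints from drifting apart.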
@@ -1245,10 +1245,10 @@ def test_build_metadata(
 "registration_endpoint": Is(registration_endpoint),
 "scopes_supported": ["read", "write", "admin"],
 "grant_types_supported": ["authorization_code", "refresh_token"],
- "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"],
+ "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic", "none"],
 "service_documentation": Is(service_documentation_url),
 "revocation_endpoint": Is(revocation_endpoint),
- "revocation_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"],
+ "revocation_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic", "none"],
 "code_challenge_methods_supported": ["S256"],
 }
 )
diff --git a/tests/server/fastmcp/auth/test_auth_integration.py b/tests/server/fastmcp/auth/test_auth_integration.py
index 08fcabf27..72dfc9bfe 100644
--- a/tests/server/fastmcp/auth/test_auth_integration.py
+++ b/tests/server/fastmcp/auth/test_auth_integration.py
@@ -320,7 +320,11 @@ async def test_metadata_endpoint(self, test_client: httpx.AsyncClient):
 assert metadata["revocation_endpoint"] == "https://auth.example.com/revoke"
 assert metadata["response_types_supported"] == ["code"]
 assert metadata["code_challenge_methods_supported"] == ["S256"]
- assert metadata["token_endpoint_auth_methods_supported"] == ["client_secret_post", "client_secret_basic"]
+ assert metadata["token_endpoint_auth_methods_supported"] == [
+ "client_secret_post",
+ "client_secret_basic",
+ "none",
+ ]
 assert metadata["grant_types_supported"] == [
 "authorization_code",
 "refresh_token",
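Review bot: Both test updates (`test_build_metadata` in tests/client/test_auth.py and `test_metadata_endpoint` in tests/server/fastmcp/auth/test_auth_integration.py) only pin the advertised lists; no test in this diff exercises the behaviour that `"none"` promises. It would be worth adding a case where a client registered with `token_endpoint_auth_method="none"` completes the code exchange with a PKCE verifier and no secret, and a negative case where a client registered with a secret is refused when the secret is missing. Such tests may already exist elsewhere in the suite; the hunks here do not show them. Within the visible lines, `test_metadata_endpoint` also does not assert `revocation_endpoint_auth_methods_supported`, so the revocation change is only covered by `test_build_metadata`.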