diff --git a/app/lib/omniauth_tenant_setup.rb b/app/lib/omniauth_tenant_setup.rb
index c0909b0cd..4a37ae359 100644
--- a/app/lib/omniauth_tenant_setup.rb
+++ b/app/lib/omniauth_tenant_setup.rb
@@ -64,10 +64,11 @@ module OmniauthTenantSetup
         unless Tenant.default?
           strategy = env["omniauth.strategy"]
 
-          strategy.options[:client_id] = client_id if client_id.present?
-          strategy.options[:client_secret] = client_secret if client_secret.present?
           strategy.options[:issuer] = issuer if issuer.present?
-          strategy.options[:redirect_uri] = redirect_uri if redirect_uri.present?
+          strategy.options[:client_options] ||= {}
+          strategy.options[:client_options][:identifier] = client_id if client_id.present?
+          strategy.options[:client_options][:secret] = client_secret if client_secret.present?
+          strategy.options[:client_options][:redirect_uri] = redirect_uri if redirect_uri.present?
         end
       end
 
diff --git a/spec/lib/omniauth_tenant_setup_spec.rb b/spec/lib/omniauth_tenant_setup_spec.rb
index 9b8929dd7..f38eca3b4 100644
--- a/spec/lib/omniauth_tenant_setup_spec.rb
+++ b/spec/lib/omniauth_tenant_setup_spec.rb
@@ -119,11 +119,12 @@ describe OmniauthTenantSetup do
 
         OmniauthTenantSetup.oidc(mars_env)
         mars_strategy_options = mars_env["omniauth.strategy"].options
+        mars_client_options = mars_strategy_options[:client_options]
 
-        expect(mars_strategy_options[:client_id]).to eq "mars-client-id"
-        expect(mars_strategy_options[:client_secret]).to eq "mars-client-secret"
         expect(mars_strategy_options[:issuer]).to eq "https://mars-oidc.example.com"
-        expect(mars_strategy_options[:redirect_uri]).to eq "https://mars.consul.dev/auth/oidc/callback"
+        expect(mars_client_options[:secret]).to eq "mars-client-secret"
+        expect(mars_client_options[:identifier]).to eq "mars-client-id"
+        expect(mars_client_options[:redirect_uri]).to eq "https://mars.consul.dev/auth/oidc/callback"
       end
 
       Tenant.switch("venus") do
@@ -134,11 +135,12 @@ describe OmniauthTenantSetup do
 
         OmniauthTenantSetup.oidc(venus_env)
         venus_strategy_options = venus_env["omniauth.strategy"].options
+        venus_client_options = venus_strategy_options[:client_options]
 
-        expect(venus_strategy_options[:client_id]).to eq "venus-client-id"
-        expect(venus_strategy_options[:client_secret]).to eq "venus-client-secret"
         expect(venus_strategy_options[:issuer]).to eq "https://venus-oidc.example.com"
-        expect(venus_strategy_options[:redirect_uri]).to eq "https://venus.consul.dev/auth/oidc/callback"
+        expect(venus_client_options[:identifier]).to eq "venus-client-id"
+        expect(venus_client_options[:secret]).to eq "venus-client-secret"
+        expect(venus_client_options[:redirect_uri]).to eq "https://venus.consul.dev/auth/oidc/callback"
       end
     end
 
@@ -168,11 +170,12 @@ describe OmniauthTenantSetup do
 
         OmniauthTenantSetup.oidc(earth_env)
         earth_strategy_options = earth_env["omniauth.strategy"].options
+        earth_client_options = earth_strategy_options[:client_options]
 
-        expect(earth_strategy_options[:client_id]).to eq "default-client-id"
-        expect(earth_strategy_options[:client_secret]).to eq "default-client-secret"
         expect(earth_strategy_options[:issuer]).to eq "https://default-oidc.example.com"
-        expect(earth_strategy_options[:redirect_uri]).to eq "https://default.consul.dev/auth/oidc/callback"
+        expect(earth_client_options[:identifier]).to eq "default-client-id"
+        expect(earth_client_options[:secret]).to eq "default-client-secret"
+        expect(earth_client_options[:redirect_uri]).to eq "https://default.consul.dev/auth/oidc/callback"
       end
     end
   end