diff --git a/src/Microsoft.Identity.Web/TokenAcquisition.cs b/src/Microsoft.Identity.Web/TokenAcquisition.cs
index d2e8db27c..fb64cdad2 100644
--- a/src/Microsoft.Identity.Web/TokenAcquisition.cs
+++ b/src/Microsoft.Identity.Web/TokenAcquisition.cs
@@ -457,9 +457,14 @@ private async Task<IConfidentialClientApplication> BuildConfidentialClientApplic
                 _applicationOptions.Instance += "/";
             }
 
+            if (!string.IsNullOrEmpty(_microsoftIdentityOptions.ClientSecret))
+            {
+                _applicationOptions.ClientSecret = _microsoftIdentityOptions.ClientSecret;
+            }
+
             MicrosoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret(
-                _applicationOptions.ClientSecret,
-                _microsoftIdentityOptions.ClientCertificates);
+                 _applicationOptions.ClientSecret,
+                 _microsoftIdentityOptions.ClientCertificates);
 
             try
             {
diff --git a/tests/IntegrationTests/IntegrationTestService/Startup.cs b/tests/IntegrationTests/IntegrationTestService/Startup.cs
index a95bba26a..9052e8bbe 100644
--- a/tests/IntegrationTests/IntegrationTestService/Startup.cs
+++ b/tests/IntegrationTests/IntegrationTestService/Startup.cs
@@ -42,10 +42,6 @@ public void ConfigureServices(IServiceCollection services)
             {
                 options.ClientSecret = ccaSecret;
             });
-            services.Configure<ConfidentialClientApplicationOptions>(options =>
-            {
-                options.ClientSecret = ccaSecret;
-            });
             services.AddRazorPages(options =>
             {
                 options.Conventions.AuthorizePage("/SecurePage");