diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3590948..58a355c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 - Refactored code to be integrated in Smartgears [#22871]
 - Fixed getRoles for JWTSecret [#22754]
+- Added OIDC Client credential [#23089]
 ## [v1.0.0]
diff --git a/src/main/java/org/gcube/common/authorization/utils/clientid/ClienIDManager.java b/src/main/java/org/gcube/common/authorization/utils/clientid/ClienIDManager.java
index c74c50d..2042fda 100644
--- a/src/main/java/org/gcube/common/authorization/utils/clientid/ClienIDManager.java
+++ b/src/main/java/org/gcube/common/authorization/utils/clientid/ClienIDManager.java
@@ -2,6 +2,7 @@ package org.gcube.common.authorization.utils.clientid;
 import org.gcube.common.authorization.utils.secret.JWTSecret;
 import org.gcube.common.authorization.utils.secret.Secret;
+import org.gcube.common.keycloak.KeycloakClientException;
 import org.gcube.common.keycloak.KeycloakClientFactory;
 import org.gcube.common.keycloak.model.TokenResponse;
@@ -40,6 +41,17 @@ public class ClienIDManager implements RenewalProvider {
 return jwtSecret;
 }
+ public Secret getOIDCSecret() throws KeycloakClientException {
+ TokenResponse tokenResponse = KeycloakClientFactory.newInstance().queryOIDCToken(clientID, clientSecret);
+
+ JWTSecret jwtSecret = new JWTSecret(tokenResponse.getAccessToken());
+ jwtSecret.setRenewalProvider(this);
+
+ jwtSecret.setTokenResponse(tokenResponse);
+
+ return jwtSecret;
+ }
+
 @Override
 public Secret renew() throws Exception {
 return getSecret();
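Review bot: The secret returned by `getOIDCSecret()` registers `this` as its renewal provider, but `renew()` (the context lines at the end of the hunk) still returns `getSecret()`, so a token obtained through the OIDC client-credential path is replaced on renewal by whatever `getSecret()` issues. The body of `getSecret()` is outside the hunk; if it requests a different token type or audience, the caller's authorization context would change silently at renewal time. Consider giving the OIDC secret its own provider, e.g. `jwtSecret.setRenewalProvider(this::getOIDCSecret);` (assuming `RenewalProvider` declares only `renew()`). A Javadoc line stating which grant this method uses and how it differs from `getSecret()` would also help callers choose the right one.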