diff --git a/docs/usage/oauth2.md b/docs/usage/oauth2.md
index 439b2f10b61..48ab5798b95 100644
--- a/docs/usage/oauth2.md
+++ b/docs/usage/oauth2.md
@@ -11,7 +11,7 @@ scopeSeparator | `OAUTH_SCOPE_SEPARATOR` |scope separator for passing scopes, en
 scopes | `OAUTH_SCOPES` |string array or scope separator (i.e. space) separated string of initially selected oauth scopes, default is empty array
 additionalQueryStringParams | `OAUTH_ADDITIONAL_PARAMS` |Additional query parameters added to `authorizationUrl` and `tokenUrl`. MUST be an object
 useBasicAuthenticationWithAccessCodeGrant | `OAUTH_USE_BASIC_AUTH` |Only activated for the `accessCode` flow.  During the `authorization_code` request to the `tokenUrl`, pass the [Client Password](https://tools.ietf.org/html/rfc6749#section-2.3.1) using the HTTP Basic Authentication scheme (`Authorization` header with `Basic base64encode(client_id + client_secret)`).  The default is `false`
-usePkceWithAuthorizationCodeGrant | `OAUTH_USE_PKCE` | Only applies to `Authorization Code` flows. [Proof Key for Code Exchange](https://tools.ietf.org/html/rfc7636) brings enhanced security for OAuth public clients. The default is `false`
+usePkceWithAuthorizationCodeGrant | `OAUTH_USE_PKCE` | Only applies to `Authorization Code` flows. [Proof Key for Code Exchange](https://tools.ietf.org/html/rfc7636) brings enhanced security for OAuth public clients. The default is `false` <br/><br/>_Note:_ This option does not hide the client secret input because [neither PKCE nor client secrets are replacements for each other](https://oauth.net/2/pkce/).
 
 ```javascript
 const ui = SwaggerUI({...})
diff --git a/src/core/components/auth/oauth2.jsx b/src/core/components/auth/oauth2.jsx
index 33187033dee..487004c973b 100644
--- a/src/core/components/auth/oauth2.jsx
+++ b/src/core/components/auth/oauth2.jsx
@@ -212,7 +212,7 @@ export default class Oauth2 extends React.Component {
         }
 
         {
-          ( (flow === AUTH_FLOW_APPLICATION || flow === AUTH_FLOW_ACCESS_CODE && !isPkceCodeGrant || flow === AUTH_FLOW_PASSWORD) && <Row>
+          ( (flow === AUTH_FLOW_APPLICATION || flow === AUTH_FLOW_ACCESS_CODE || flow === AUTH_FLOW_PASSWORD) && <Row>
             <label htmlFor="client_secret">client_secret:</label>
             {
               isAuthorized ? <code> ****** </code>
diff --git a/test/e2e-cypress/tests/features/auth-code-flow-pkce-without-secret.js b/test/e2e-cypress/tests/features/auth-code-flow-pkce-without-secret.js
index 7d14bb9cdd2..0cce470febe 100644
--- a/test/e2e-cypress/tests/features/auth-code-flow-pkce-without-secret.js
+++ b/test/e2e-cypress/tests/features/auth-code-flow-pkce-without-secret.js
@@ -1,5 +1,5 @@
 describe("Check client_secret for OAuth2 Authorization Code flow with and without PKCE (#6290)", () => {
-  it("should not display client_secret field for authorization code flow with PKCE", () => {
+  it("should display client_secret field for authorization code flow with PKCE", () => {
     cy.visit(
       "/?url=/documents/features/auth-code-flow-pkce-without-secret.yaml"
     )
@@ -19,7 +19,7 @@ describe("Check client_secret for OAuth2 Authorization Code flow with and withou
       .get(".flow")
       .contains("authorizationCode with PKCE")
       .get("#client_secret")
-      .should("not.exist")
+      .should("exist")
   })
 
   it("should display client_secret field for authorization code flow without PKCE", () => {