diff --git a/spring-cloud-bindings/src/main/java/org/springframework/cloud/bindings/boot/SpringSecurityOAuth2BindingsPropertiesProcessor.java b/spring-cloud-bindings/src/main/java/org/springframework/cloud/bindings/boot/SpringSecurityOAuth2BindingsPropertiesProcessor.java
index fde51b1..485e5e7 100644
--- a/spring-cloud-bindings/src/main/java/org/springframework/cloud/bindings/boot/SpringSecurityOAuth2BindingsPropertiesProcessor.java
+++ b/spring-cloud-bindings/src/main/java/org/springframework/cloud/bindings/boot/SpringSecurityOAuth2BindingsPropertiesProcessor.java
@@ -58,7 +58,9 @@ public void process(Environment environment, Bindings bindings, Map
+ * From Security 6 upwards (Boot 3+), "basic" and "post" have been removed.
+ *

+ * This transforms "client_secret_basic" to "basic" and "client_secret_post" to "post", so that it works with every
+ * Boot 2 version, even Boot < 2.5.
+ *
+ * @param clientAuthenticationMethod the base client authentication method
+ * @return "basic" instead of "client_secret_basic", "post" instead of "client_secret_post", the input otherwise
+ */
+ @Nullable
+ private static String toBackwardsCompatibleClientAuthenticationMethod(@Nullable String clientAuthenticationMethod) {
+ if ("client_secret_basic".equalsIgnoreCase(clientAuthenticationMethod)) {
+ return "basic";
+ }
+ if ("client_secret_post".equalsIgnoreCase(clientAuthenticationMethod)) {
+ return "post";
+ }
+ return clientAuthenticationMethod;
+ }
+
 @Override
 public void onApplicationEvent(ApplicationPreparedEvent event) {
 LOG.replayTo(getClass());
diff --git a/spring-cloud-bindings/src/test/java/org/springframework/cloud/bindings/boot/SpringSecurityOAuth2BindingsPropertiesProcessorTest.java b/spring-cloud-bindings/src/test/java/org/springframework/cloud/bindings/boot/SpringSecurityOAuth2BindingsPropertiesProcessorTest.java
index db39e80..c973485 100644
--- a/spring-cloud-bindings/src/test/java/org/springframework/cloud/bindings/boot/SpringSecurityOAuth2BindingsPropertiesProcessorTest.java
+++ b/spring-cloud-bindings/src/test/java/org/springframework/cloud/bindings/boot/SpringSecurityOAuth2BindingsPropertiesProcessorTest.java
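Review bot: `toBackwardsCompatibleClientAuthenticationMethod` rewrites `client_secret_basic` and `client_secret_post` unconditionally, although its own Javadoc states that `basic` and `post` were removed from Security 6 (Boot 3+). The call site in `process()` and this hunk's header are not visible on the page, so whether the mapping is gated on the runtime generation cannot be confirmed from here. If it is not, a Boot 3 application would presumably receive a `client-authentication-method` it no longer recognises, and the client might not authenticate to the token endpoint the way the binding requested. Either apply the mapping only when a Boot 2 runtime is detected, or state the limit in the Javadoc, e.g. `* Must not be applied on Boot 3+, where only the "client_secret_*" names are valid.`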
@@ -209,6 +209,30 @@ void testRedirectUriAndRedirectUris() {
 .containsEntry("spring.security.oauth2.client.registration.binding-name.redirect-uri", "https://other-app.example.com/login");
 }
 
+ @Test
+ @DisplayName("uses Spring-Security 5.4-compatible ClientAuthenticationMethod")
+ void backwardsCompatibleClientAuthenticationMethod() {
+ Bindings clientSecretBasic = new Bindings(new Binding("binding-name", Paths.get("test-path"),
+ new FluentMap()
+ .withEntry(Binding.TYPE, TYPE)
+ .withEntry("provider", "some-provider")
+ .withEntry("client-authentication-method", "client_secret_basic")
+ ));
+ new SpringSecurityOAuth2BindingsPropertiesProcessor().process(new MockEnvironment(), clientSecretBasic, properties);
+ assertThat(properties)
+ .containsEntry("spring.security.oauth2.client.registration.binding-name.client-authentication-method", "basic");
+
+ Bindings clientSecretPost = new Bindings(new Binding("binding-name", Paths.get("test-path"),
+ new FluentMap()
+ .withEntry(Binding.TYPE, TYPE)
+ .withEntry("provider", "some-provider")
+ .withEntry("client-authentication-method", "client_secret_post")
+ ));
+ new SpringSecurityOAuth2BindingsPropertiesProcessor().process(new MockEnvironment(), clientSecretPost, properties);
+ assertThat(properties)
+ .containsEntry("spring.security.oauth2.client.registration.binding-name.client-authentication-method", "post");
+ }
+
 @Test
 @DisplayName("can be disabled")
 void disabled() {
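Review bot: `backwardsCompatibleClientAuthenticationMethod` pins only the two rewritten values, so the helper's pass-through branch (`return clientAuthenticationMethod;`) and the case-insensitive match introduced by `equalsIgnoreCase` are untested. A regression that altered or dropped a value such as `private_key_jwt` or `none` would change how the client authenticates to the token endpoint without failing any test. Add a case with `.withEntry("client-authentication-method", "private_key_jwt")` asserting the property is emitted unchanged, and one with `"CLIENT_SECRET_BASIC"` expecting `"basic"`. Both scenarios also write the same key into the shared `properties` map, so splitting them into two tests would make each assertion independent of the other run.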