diff --git a/src/Symfony/Component/Security/Http/Firewall/TokenListener.php b/src/Symfony/Component/Security/Http/Firewall/TokenListener.php
index 25409fa9..65920216 100644
--- a/src/Symfony/Component/Security/Http/Firewall/TokenListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/TokenListener.php
@@ -52,15 +52,12 @@ public function handle(GetResponseEvent $event)
 {
 $request = $event->getRequest();
- // At least one (and only one) of client credentials method required.
+ // At least one of client credentials method required.
+ // If more than one is set then basic auth will be used. Some clients (incorrectly) use more than one.
 if (!$request->headers->get('PHP_AUTH_USER', false) && !$request->request->get('client_id', false)) {
 throw new InvalidRequestException([
 'error_description' => 'The request is missing a required parameter',
 ]);
- } elseif ($request->headers->get('PHP_AUTH_USER', false) && $request->request->get('client_id', false)) {
- throw new InvalidRequestException([
- 'error_description' => 'The request utilizes more than one mechanism for authenticating the client',
- ]);
 }
 // Check with HTTP basic auth if exists.
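Review bot: With the `elseif` branch removed, a request that carries both `PHP_AUTH_USER` and a body `client_id` is accepted without any check that the two name the same client, so code that later reads `client_id` from the request body could act on a different identity than the one authenticated through Basic auth. RFC 6749 section 2.3 forbids more than one client authentication method per request; if tolerating such clients is intended, I would keep the branch but narrow it to mismatches, e.g. `} elseif ($request->headers->get('PHP_AUTH_USER', false) && $request->request->get('client_id', false) && $request->headers->get('PHP_AUTH_USER') !== $request->request->get('client_id')) {`, with the existing throw body unchanged. The precedence the new comment promises ("basic auth will be used") is decided in the Basic-auth code that follows this hunk and is not visible here, so please confirm that the body `client_id` and any body `client_secret` are ignored on that path. handle() continues outside the hunk.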