diff --git a/lib/omniauth/strategies/openid_connect.rb b/lib/omniauth/strategies/openid_connect.rb
index 73dd0fe0..e0c6fd79 100644
--- a/lib/omniauth/strategies/openid_connect.rb
+++ b/lib/omniauth/strategies/openid_connect.rb
@@ -283,6 +283,7 @@ def access_token
         token_request_params[:code_verifier] = params['code_verifier'] || session.delete('omniauth.pkce.verifier') if options.pkce
 
         @access_token = client.access_token!(token_request_params)
+        @access_token = @access_token.to_mtls if options.client_auth_method.match?(/mtls/)
         verify_id_token!(@access_token.id_token) if configured_response_type == 'code'
 
         @access_token