I can’t find anything that explicitly says this is not possible, but it seems the OIDCClientID and OIDCClientSecret parameters of ACLAuthMethodConfig are marked as required [ref] and also validated as required, so I suspect it’s not possible, but I just want to confirm it.