diff --git a/client.go b/client.go
index f32a038..f4e0a24 100644
--- a/client.go
+++ b/client.go
@@ -1,5 +1,7 @@
 package osin
 
+import "crypto/subtle"
+
 // Client information
 type Client interface {
 	// Client id
@@ -49,7 +51,7 @@ func (d *DefaultClient) GetUserData() interface{} {
 
 // Implement the ClientSecretMatcher interface
 func (d *DefaultClient) ClientSecretMatches(secret string) bool {
-	return d.Secret == secret
+	return subtle.ConstantTimeCompare([]byte(d.Secret), []byte(secret)) == 1
 }
 
 func (d *DefaultClient) CopyFrom(client Client) {
diff --git a/util.go b/util.go
index a630998..d44efb0 100644
--- a/util.go
+++ b/util.go
@@ -1,6 +1,7 @@
 package osin
 
 import (
+	"crypto/subtle"
 	"encoding/base64"
 	"errors"
 	"net/http"
@@ -28,7 +29,7 @@ func CheckClientSecret(client Client, secret string) bool {
 		return client.ClientSecretMatches(secret)
 	default:
 		// Fallback to the less secure method of extracting the plain text secret from the client for comparison
-		return client.GetSecret() == secret
+		return subtle.ConstantTimeCompare([]byte(client.GetSecret()), []byte(secret)) == 1
 	}
 }
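Review bot: The new `subtle.ConstantTimeCompare` line in `ClientSecretMatches` (and the same line in the `CheckClientSecret` fallback in util.go) still returns 0 immediately when the two byte slices differ in length, as its documentation states, so the comparison is constant-time only for candidates of the same length as the stored secret and the response time still reflects whether the lengths match. The usual fix is to compare fixed-length digests of both values, which costs one hash per call and needs a `crypto/sha256` import: `a := sha256.Sum256([]byte(d.Secret))`, `b := sha256.Sum256([]byte(secret))`, `return subtle.ConstantTimeCompare(a[:], b[:]) == 1`. The fallback in util.go would take the same three lines with `client.GetSecret()` in place of `d.Secret`. A doc comment on the method that starts with its name, e.g. `// ClientSecretMatches reports whether secret equals the stored client secret, comparing in constant time.`, would also replace the generic "Implement the ClientSecretMatcher interface" line.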