diff --git a/pkg/oidcclient/login.go b/pkg/oidcclient/login.go
index 4521000b..53334af2 100644
--- a/pkg/oidcclient/login.go
+++ b/pkg/oidcclient/login.go
@@ -864,10 +864,12 @@ func (h *handlerState) handleAuthCodeCallback(w http.ResponseWriter, r *http.Req
 		// Return HTTP 405 for anything that's not a POST.
 		if r.Method != http.MethodPost {
-			return httperr.Newf(http.StatusMethodNotAllowed, "wanted POST but got %s", r.Method)
+			h.logger.V(debugLogLevel).Info("Pinniped: Got unexpected request on callback listener", "method", r.Method)
+			w.WriteHeader(http.StatusMethodNotAllowed)
+			return nil // keep listening for more requests
 		}
 
-		// Parse and pull the response parameters from a application/x-www-form-urlencoded request body.
+		// Parse and pull the response parameters from an application/x-www-form-urlencoded request body.
 		if err := r.ParseForm(); err != nil {
 			return httperr.Wrap(http.StatusBadRequest, "invalid form", err)
 		}
@@ -875,7 +877,9 @@ func (h *handlerState) handleAuthCodeCallback(w http.ResponseWriter, r *http.Req
 	} else {
 		// Return HTTP 405 for anything that's not a GET.
 		if r.Method != http.MethodGet {
-			return httperr.Newf(http.StatusMethodNotAllowed, "wanted GET but got %s", r.Method)
+			h.logger.V(debugLogLevel).Info("Pinniped: Got unexpected request on callback listener", "method", r.Method)
+			w.WriteHeader(http.StatusMethodNotAllowed)
+			return nil // keep listening for more requests
 		}
 
 		// Pull response parameters from the URL query string.
diff --git a/pkg/oidcclient/login_test.go b/pkg/oidcclient/login_test.go
index ba4ce3ae..8c2bfb20 100644
--- a/pkg/oidcclient/login_test.go
+++ b/pkg/oidcclient/login_test.go
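Review bot: The new 405 response in the POST branch (and the identical one in the GET branch of the second hunk) is written without an `Allow` header, which HTTP requires a 405 to carry so the caller knows which method the callback listener accepts; set it before the status is written, `w.Header().Set("Allow", http.MethodPost)` in the form_post branch and `w.Header().Set("Allow", http.MethodGet)` in the query branch. Since the listener now stays up after a rejected request, the log line is the only trace of probes against the callback port; the method is passed as a structured value rather than formatted into the message, which is the right choice, and a short comment such as `// Keep serving: a stray request from another local process must not abort the login.` would record why the error return was dropped. The three added lines are duplicated verbatim across both branches and could be one small helper that takes the allowed method. handleAuthCodeCallback starts and ends outside these hunks.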
@@ -1753,19 +1753,19 @@ func TestHandleAuthCodeCallback(t *testing.T) {
 		wantHeaders    http.Header
 	}{
 		{
-			name:           "wrong method",
-			method:         http.MethodPost,
-			query:          "",
-			wantErr:        "wanted GET but got POST",
-			wantHTTPStatus: http.StatusMethodNotAllowed,
+			name:            "wrong method returns an error but keeps listening",
+			method:          http.MethodPost,
+			query:           "",
+			wantNoCallbacks: true,
+			wantHTTPStatus:  http.StatusMethodNotAllowed,
 		},
 		{
-			name:           "wrong method for form_post",
-			method:         http.MethodGet,
-			query:          "",
-			opt:            withFormPostMode,
-			wantErr:        "wanted POST but got GET",
-			wantHTTPStatus: http.StatusMethodNotAllowed,
+			name:            "wrong method for form_post returns an error but keeps listening",
+			method:          http.MethodGet,
+			query:           "",
+			opt:             withFormPostMode,
+			wantNoCallbacks: true,
+			wantHTTPStatus:  http.StatusMethodNotAllowed,
 		},
 		{
 			name: "invalid form for form_post",
@@ -1970,6 +1970,7 @@ func TestHandleAuthCodeCallback(t *testing.T) {
 			require.Equal(t, tt.wantHeaders, resp.Header())
 		}
 
+		gotCallback := false
 		select {
 		case <-time.After(1 * time.Second):
 			if !tt.wantNoCallbacks {
@@ -1983,7 +1984,9 @@ func TestHandleAuthCodeCallback(t *testing.T) {
 			require.NoError(t, result.err)
 			require.NotNil(t, result.token)
 			require.Equal(t, result.token.IDToken.Token, "test-id-token")
+			gotCallback = true
 		}
+		require.Equal(t, tt.wantNoCallbacks, !gotCallback)
 	})
 }
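Review bot: The two renamed cases in the first hunk are titled "returns an error but keeps listening", yet the same change drops `wantErr` from both and the handler now returns nil with a 405 status, so the names describe the old behaviour; `name: "wrong method returns 405 but keeps listening",` and `name: "wrong method for form_post returns 405 but keeps listening",` would match what is asserted. The new final assertion in the third hunk reads more naturally with the double negation removed, `require.Equal(t, !tt.wantNoCallbacks, gotCallback)`, and a trailing comment such as `// every case must state whether a token callback was expected` would explain why it applies to all cases rather than only the new ones. The table and the loop body of TestHandleAuthCodeCallback extend beyond these hunks.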