diff --git a/oidc_provider/tests/app/utils.py b/oidc_provider/tests/app/utils.py
index 99f9874..cd547d1 100644
--- a/oidc_provider/tests/app/utils.py
+++ b/oidc_provider/tests/app/utils.py
@@ -33,7 +33,7 @@ def create_fake_user():
     return user
 
 
-def create_fake_client(response_type):
+def create_fake_client(response_type, is_public=False):
     """
     Create a test client, response_type argument MUST be:
     'code', 'id_token' or 'id_token token'.
@@ -42,8 +42,13 @@ def create_fake_client(response_type):
     """
     client = Client()
     client.name = 'Some Client'
-    client.client_id = '123'
-    client.client_secret = '456'
+    if is_public:
+        client.client_type = 'public'
+        client.client_id = 'p123'
+        client.client_secret = ''
+    else:
+        client.client_id = 'c123'
+        client.client_secret = '456'
     client.response_type = response_type
     client.redirect_uris = ['http://example.com/']
 
diff --git a/oidc_provider/tests/test_authorize_endpoint.py b/oidc_provider/tests/test_authorize_endpoint.py
index 5a3eaa2..9b24d95 100644
--- a/oidc_provider/tests/test_authorize_endpoint.py
+++ b/oidc_provider/tests/test_authorize_endpoint.py
@@ -25,6 +25,7 @@ class AuthorizationCodeFlowTestCase(TestCase):
         self.factory = RequestFactory()
         self.user = create_fake_user()
         self.client = create_fake_client(response_type='code')
+        self.client_public = create_fake_client(response_type='code', is_public=True)
         self.state = uuid.uuid4().hex
 
     def test_missing_parameters(self):
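Review bot: The `else` branch of the new `is_public` switch in `create_fake_client` never assigns `client.client_type`, so the confidential fixture silently depends on whatever default the `Client` model declares, while the public fixture sets its type explicitly. Assigning `client.client_type` in that branch too, using the model's value for confidential clients, makes the fixture self-describing and keeps the two branches symmetric. The new ids `'c123'` and `'p123'` replace the former `'123'`; any test elsewhere that matched on the old literal would need the same update, though none is visible in this diff. The function continues past the end of the hunk.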
@@ -310,8 +311,31 @@ class AuthorizationCodeFlowTestCase(TestCase):
 
         response = AuthorizeView.as_view()(request)
 
+        # Search the scopes in the html.
         self.assertEqual(scope_test in response.content.decode('utf-8'), True)
 
+    def test_public_client_auto_approval(self):
+        """
+        It's recommended not auto-approving requests for non-confidential clients.
+        """
+        query_str = urlencode({
+            'client_id': self.client_public.client_id,
+            'response_type': 'code',
+            'redirect_uri': self.client_public.default_redirect_uri,
+            'scope': 'openid email',
+            'state': self.state,
+        })
+
+        url = reverse('oidc_provider:authorize') + '?' + query_str
+
+        request = self.factory.get(url)
+        # Simulate that the user is logged.
+        request.user = self.user
+
+        with self.settings(OIDC_SKIP_CONSENT_ALWAYS=True):
+            response = AuthorizeView.as_view()(request)
+
+        self.assertEqual('Request for Permission' in response.content.decode('utf-8'), True)
 
 class ImplicitFlowTestCase(TestCase):
     """
diff --git a/oidc_provider/views.py b/oidc_provider/views.py
index c7010bb..2af287d 100644
--- a/oidc_provider/views.py
+++ b/oidc_provider/views.py
@@ -40,12 +40,12 @@ class AuthorizeView(View):
             if hook_resp:
                 return hook_resp
 
-            if settings.get('OIDC_SKIP_CONSENT_ALWAYS'):
+            if settings.get('OIDC_SKIP_CONSENT_ALWAYS') and not (authorize.client.client_type == 'public'):
                 return redirect(authorize.create_response_uri())
 
             if settings.get('OIDC_SKIP_CONSENT_ENABLE'):
                 # Check if user previously give consent.
-                if authorize.client_has_user_consent():
+                if authorize.client_has_user_consent() and not (authorize.client.client_type == 'public'):
                     return redirect(authorize.create_response_uri())
 
             # Generate hidden inputs for the form.
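Review bot: `test_public_client_auto_approval` only exercises the `OIDC_SKIP_CONSENT_ALWAYS` guard; the second guard this commit adds in `views.py` (`OIDC_SKIP_CONSENT_ENABLE` combined with a previously granted consent) has no test, so a regression there — a public client auto-approved because the user consented once before — would go unnoticed. A companion test that sets up a prior consent for `self.client_public` the way the other consent tests presumably do, runs the same request under `OIDC_SKIP_CONSENT_ENABLE=True`, and still expects the consent page would cover it. The final assertion reads better as `self.assertIn('Request for Permission', response.content.decode('utf-8'))` (or Django's `assertContains`), which reports the actual body on failure instead of `False != True`. The `AuthorizationCodeFlowTestCase` class continues outside the hunk.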
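Review bot: The public-client test `not (authorize.client.client_type == 'public')` is written twice in `AuthorizeView`, once per skip-consent branch, and in the second branch it sits after `authorize.client_has_user_consent()`, so that lookup runs for public clients even though its result can never lead to a redirect. Computing the flag once before the two `if` statements, with a comment stating why public clients are excluded, removes the duplication and lets both branches short-circuit on the cheap attribute test; `!=` also reads better than `not (... == ...)`. If the `Client` model exposes a constant for the public client type, comparing against it instead of the bare string `'public'` would keep the view in step with the model. The enclosing method starts and ends outside the hunk.
```python
            # Non-confidential (public) clients cannot prove their identity, so a
            # request from one is never auto-approved, whatever the skip settings say.
            consent_skippable = authorize.client.client_type != 'public'

            if settings.get('OIDC_SKIP_CONSENT_ALWAYS') and consent_skippable:
                return redirect(authorize.create_response_uri())

            if settings.get('OIDC_SKIP_CONSENT_ENABLE') and consent_skippable:
                # Check if user previously give consent.
                if authorize.client_has_user_consent():
                    return redirect(authorize.create_response_uri())
            # … unchanged: hidden-input generation for the form …
```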