diff --git a/src/pepr/operator/crd/validators/package-validator.ts b/src/pepr/operator/crd/validators/package-validator.ts
index c255047cd..ca31b1cd7 100644
--- a/src/pepr/operator/crd/validators/package-validator.ts
+++ b/src/pepr/operator/crd/validators/package-validator.ts
@@ -104,15 +104,13 @@ export async function validator(req: PeprValidateRequest<UDSPackage>) {
     // If this is a public client ensure that it only sets itself up as an OAuth Device Flow client
     if (
       client.publicClient &&
-      (client.standardFlowEnabled === undefined ||
-        client.standardFlowEnabled ||
-        client.secret ||
-        client.secretName ||
-        client.secretTemplate ||
-        client.enableAuthserviceSelector ||
+      (client.standardFlowEnabled !== false ||
+        client.secret !== undefined ||
+        client.secretName !== undefined ||
+        client.secretTemplate !== undefined ||
+        client.enableAuthserviceSelector !== undefined ||
         client.protocol === "saml" ||
-        !client.attributes ||
-        client.attributes["oauth2.device.authorization.grant.enabled"] != "true")
+        client.attributes?.["oauth2.device.authorization.grant.enabled"] !== "true")
     ) {
       return req.Deny(
         `The client ID "${client.clientId}" must _only_ configure the OAuth Device Flow as a public client`,