diff --git a/fido2/ctap2/extensions.py b/fido2/ctap2/extensions.py
index dbdac97..7cf6679 100644
--- a/fido2/ctap2/extensions.py
+++ b/fido2/ctap2/extensions.py
@@ -124,7 +124,9 @@ class HmacSecretExtension(Ctap2Extension):
 ):
 raise ValueError("Invalid salt length")
- client_pin = ClientPin(self.ctap, self.pin_protocol)
+ # HMAC-secret extension requires clientPin even when
+ # clientPin is not advertised in CTAP info
+ client_pin = ClientPin(self.ctap, self.pin_protocol, require_support=False)
 key_agreement, self.shared_secret = client_pin._get_shared_secret()
 if self.pin_protocol is None:
 self.pin_protocol = client_pin.protocol
diff --git a/fido2/ctap2/pin.py b/fido2/ctap2/pin.py
index 1dcca88..66bb829 100644
--- a/fido2/ctap2/pin.py
+++ b/fido2/ctap2/pin.py
@@ -253,8 +253,13 @@ class ClientPin:
 def is_supported(info):
 return "clientPin" in info.options
- def __init__(self, ctap: Ctap2, protocol: Optional[PinProtocol] = None):
- if not self.is_supported(ctap.info):
+ def __init__(
+ self,
+ ctap: Ctap2,
+ protocol: Optional[PinProtocol] = None,
+ require_support: Optional[bool] = True
+ ):
+ if require_support and not self.is_supported(ctap.info):
 raise ValueError("Authenticator does not support ClientPin")
 self.ctap = ctap
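Review bot: In fido2/ctap2/extensions.py, passing `require_support=False` means an authenticator that cannot do PIN/UV key agreement is no longer rejected by the constructor. The failure would instead surface from `client_pin._get_shared_secret()` on the following line, presumably as a device error rather than the earlier `ValueError`. Since the bypass exists only for hmac-secret, this path should be reached only after the authenticator's advertised extensions have been checked for hmac-secret; whether that happens is not visible, because the enclosing method starts and ends outside the hunk. The added comment could also state what is actually needed, e.g. `# hmac-secret needs only the key agreement step of the clientPin command, not PIN support itself`.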
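Review bot: In fido2/ctap2/pin.py, `require_support: Optional[bool] = True` lets a caller pass `None`, which is falsy and silently skips the `is_supported` check. The annotation should be `require_support: bool = True,`, with the trailing comma the formatter would add. Because the flag disables a guard, consider making it keyword-only and documenting in the constructor's docstring that it is meant for callers needing only key agreement. Without that, every other ClientPin method can be invoked against a device that does not advertise `clientPin`. The rest of `__init__`, including how a protocol is chosen when `protocol` is None, lies outside the hunk.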