diff --git a/internal/creds.go b/internal/creds.go
index 86861e24383..92bb42c3215 100644
--- a/internal/creds.go
+++ b/internal/creds.go
@@ -47,7 +47,13 @@ func Creds(ctx context.Context, ds *DialSettings) (*google.Credentials, error) {
 // options provided via [option.ClientOption], including legacy oauth2/google
 // options. If there are no applicable options, then it returns the result of
 // [cloud.google.com/go/auth/credentials.DetectDefault].
+// Note: If NoAuth is true, when [google.golang.org/api/option.WithoutAuthentication]
+// is passed, then no authentication will be performed and this function will
+// return nil, nil.
 func AuthCreds(ctx context.Context, settings *DialSettings) (*auth.Credentials, error) {
+	if settings.NoAuth {
+		return nil, nil
+	}
 	if settings.AuthCredentials != nil {
 		return settings.AuthCredentials, nil
 	}
diff --git a/internal/creds_test.go b/internal/creds_test.go
index 69f0a1f505c..1cea8e910cf 100644
--- a/internal/creds_test.go
+++ b/internal/creds_test.go
@@ -645,3 +645,17 @@ func TestIsSelfSignedJWTFlow(t *testing.T) {
 		}
 	}
 }
+
+func TestNewAuth_NoAuth(t *testing.T) {
+	ctx := context.Background()
+	ds := &DialSettings{
+		NoAuth: true,
+	}
+	creds, err := AuthCreds(ctx, ds)
+	if err != nil {
+		t.Fatalf("got %v, want nil error", err)
+	}
+	if creds != nil {
+		t.Fatalf("got %v, want nil creds", creds)
+	}
+}
diff --git a/option/internaloption/internaloption.go b/option/internaloption/internaloption.go
index 18fec9c984a..931f093d89a 100644
--- a/option/internaloption/internaloption.go
+++ b/option/internaloption/internaloption.go
@@ -289,21 +289,22 @@ func GetLogger(opts []option.ClientOption) *slog.Logger {
 // options provided via [option.ClientOption], including legacy oauth2/google
 // options, in this order:
 //
-// * [option.WithAuthCredentials]
-// * [option/internaloption.WithCredentials] (internal use only)
-// * [option.WithCredentials]
-// * [option.WithTokenSource]
+//   - [option.WithoutAuthentication]
+//   - [option.WithAuthCredentials]
+//   - [WithCredentials] (internal use only)
+//   - [option.WithCredentials]
+//   - [option.WithTokenSource]
 //
 // If there are no applicable credentials options, then it passes the
 // following options to [cloud.google.com/go/auth/credentials.DetectDefault] and
 // returns the result:
 //
-// * [option.WithAudiences]
-// * [option.WithCredentialsFile]
-// * [option.WithCredentialsJSON]
-// * [option.WithScopes]
-// * [option/internaloption.WithDefaultScopes] (internal use only)
-// * [option/internaloption.EnableJwtWithScope] (internal use only)
+//   - [option.WithAudiences]
+//   - [option.WithCredentialsFile]
+//   - [option.WithCredentialsJSON]
+//   - [option.WithScopes]
+//   - [WithDefaultScopes] (internal use only)
+//   - [EnableJwtWithScope] (internal use only)
 //
 // This function should only be used internally by generated clients. This is an
 // EXPERIMENTAL API and may be changed or removed in the future.