diff --git a/README.md b/README.md
index 758e055..4899232 100644
--- a/README.md
+++ b/README.md
@@ -103,7 +103,8 @@ OAuthProvider.configure({
   clientId: null,
   clientSecret: null,
   grantPath: '/oauth2/token',
-  revokePath: '/oauth2/revoke'
+  revokePath: '/oauth2/revoke',
+  clientCredentials: 'body'
 });
 ```
 
@@ -117,7 +118,8 @@ OAuth.configure({
   clientId: null,
   clientSecret: null,
   grantPath: '/oauth2/token',
-  revokePath: '/oauth2/revoke'
+  revokePath: '/oauth2/revoke',
+  clientCredentials: 'body'
 });
 
 ```
diff --git a/src/providers/oauth-provider.js b/src/providers/oauth-provider.js
index 2de0045..1a6c134 100644
--- a/src/providers/oauth-provider.js
+++ b/src/providers/oauth-provider.js
@@ -65,6 +65,50 @@ function OAuthProvider() {
 
     return config;
   };
+
+  /**
+   * @private
+   * add credentials in header
+   * @param {object} config - Object containing the clientId and the clientSecret
+   * @param {object} options - Optional configuration.
+   * @return {object} Modified optional configuration.
+   */
+  const addCredentialsInHeader = (config, options) => {
+    // Create the credentials string
+    let credentials = config.clientId + ':';
+    if (null !== config.clientSecret) {
+        credentials += config.clientSecret;
+    }
+    credentials = 'Basic ' + btoa(credentials);
+
+    // Add the credentials in the header
+    options = angular.extend({
+        headers: {
+            Authorization: credentials,
+            'Content-Type': 'application/x-www-form-urlencoded'
+        }
+    }, options);
+
+    return options;
+  };
+  
+  /**
+   * @private
+   * add credentials in body
+   * @param {object} config - Object containing the clientId and the clientSecret
+   * @param {object} data - Request content, e.g., `username` and `password`.
+   * @return {object} Modified request content.
+   */
+  const addCredentialsInBody = (config, data) => {
+    data = angular.extend({
+        client_id: config.clientId
+    }, data);
+    if (null !== config.clientSecret) {
+        data.client_secret = config.clientSecret;
+    }
+
+    return data;
+};
   
   /**
    * Configure.
@@ -121,24 +165,24 @@ function OAuthProvider() {
        */
 
       getAccessToken(data, options) {
+        if ('header' === this.config.clientCredentials) {
+            options = addCredentialsInHeader(this.config, options);
+        } else {
+            data = addCredentialsInBody(this.config, data);
+            options = angular.extend({
+                headers: {
+                    Authorization: undefined,
+                    'Content-Type': 'application/x-www-form-urlencoded'
+                }
+            }, options);
+        }
+
         data = angular.extend({
-          client_id: this.config.clientId,
           grant_type: 'password'
         }, data);
 
-        if (null !== this.config.clientSecret) {
-          data.client_secret = this.config.clientSecret;
-        }
-
         data = queryString.stringify(data);
 
-        options = angular.extend({
-          headers: {
-            'Authorization': undefined,
-            'Content-Type': 'application/x-www-form-urlencoded'
-          }
-        }, options);
-
         return $http.post(`${this.config.baseUrl}${this.config.grantPath}`, data, options).then((response) => {
           OAuthToken.setToken(response.data);
 
@@ -156,25 +200,25 @@ function OAuthProvider() {
        */
 
       getRefreshToken(data, options) {
+        if ('header' === this.config.clientCredentials) {
+            options = addCredentialsInHeader(this.config, options);
+        } else {
+            data = addCredentialsInBody(this.config, data);
+            options = angular.extend({
+                headers: {
+                    Authorization: undefined,
+                    'Content-Type': 'application/x-www-form-urlencoded'
+                }
+            }, options);
+        }
+
         data = angular.extend({
-          client_id: this.config.clientId,
           grant_type: 'refresh_token',
           refresh_token: OAuthToken.getRefreshToken(),
         }, data);
 
-        if (null !== this.config.clientSecret) {
-          data.client_secret = this.config.clientSecret;
-        }
-
         data = queryString.stringify(data);
 
-        options = angular.extend({
-          headers: {
-            'Authorization': undefined,
-            'Content-Type': 'application/x-www-form-urlencoded'
-          }
-        }, options);
-
         return $http.post(`${this.config.baseUrl}${this.config.grantPath}`, data, options).then((response) => {
           OAuthToken.setToken(response.data);
 
@@ -192,26 +236,27 @@ function OAuthProvider() {
        */
 
       revokeToken(data, options) {
+        if ('header' === this.config.clientCredentials) {
+            options = addCredentialsInHeader(this.config, options);
+        } else {
+            data = addCredentialsInBody(this.config, data);
+            options = angular.extend({
+                headers: {
+                    Authorization: undefined,
+                    'Content-Type': 'application/x-www-form-urlencoded'
+                }
+            }, options);
+        }
+
         var refreshToken = OAuthToken.getRefreshToken();
 
         data = angular.extend({
-          client_id: this.config.clientId,
           token: refreshToken ? refreshToken : OAuthToken.getAccessToken(),
           token_type_hint: refreshToken ? 'refresh_token' : 'access_token'
         }, data);
 
-        if (null !== this.config.clientSecret) {
-          data.client_secret = this.config.clientSecret;
-        }
-
         data = queryString.stringify(data);
 
-        options = angular.extend({
-          headers: {
-            'Content-Type': 'application/x-www-form-urlencoded'
-          }
-        }, options);
-
         return $http.post(`${this.config.baseUrl}${this.config.revokePath}`, data, options).then((response) => {
           OAuthToken.removeToken();