diff --git a/lib/oauth2/strategy/auth_code.ex b/lib/oauth2/strategy/auth_code.ex
index a018001..acf1e7c 100644
--- a/lib/oauth2/strategy/auth_code.ex
+++ b/lib/oauth2/strategy/auth_code.ex
@@ -54,6 +54,7 @@ defmodule OAuth2.Strategy.AuthCode do
     |> put_param(:client_id, client.client_id)
     |> put_param(:redirect_uri, client.redirect_uri)
     |> merge_params(params)
+    |> basic_auth()
     |> put_headers(headers)
   end
 end
diff --git a/lib/oauth2/strategy/client_credentials.ex b/lib/oauth2/strategy/client_credentials.ex
index 3a1af4e..43335c2 100644
--- a/lib/oauth2/strategy/client_credentials.ex
+++ b/lib/oauth2/strategy/client_credentials.ex
@@ -37,13 +37,9 @@ defmodule OAuth2.Strategy.ClientCredentials do
     |> put_headers(headers)
   end
 
-  defp auth_scheme(client, "auth_header"), do: auth_header(client)
+  defp auth_scheme(client, "auth_header"), do: basic_auth(client)
   defp auth_scheme(client, "request_body"), do: request_body(client)
 
-  defp auth_header(%{client_id: id, client_secret: secret} = client) do
-    put_header(client, "Authorization", "Basic " <> Base.encode64(id <> ":" <> secret))
-  end
-
   defp request_body(client) do
     client
     |> put_param(:client_id, client.client_id)
diff --git a/lib/oauth2/strategy/password.ex b/lib/oauth2/strategy/password.ex
index 4605ef9..3f1fa40 100644
--- a/lib/oauth2/strategy/password.ex
+++ b/lib/oauth2/strategy/password.ex
@@ -44,9 +44,8 @@ defmodule OAuth2.Strategy.Password do
     |> put_param(:username, username)
     |> put_param(:password, password)
     |> put_param(:grant_type, "password")
-    |> put_param(:client_id, client.client_id)
-    |> put_param(:client_secret, client.client_secret)
     |> merge_params(params)
+    |> basic_auth()
     |> put_headers(headers)
   end
 end
diff --git a/lib/oauth2/strategy/refresh.ex b/lib/oauth2/strategy/refresh.ex
index 532ed34..9f07449 100644
--- a/lib/oauth2/strategy/refresh.ex
+++ b/lib/oauth2/strategy/refresh.ex
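Review bot: The added `|> basic_auth()` moves client authentication into the Authorization header while this hunk keeps `put_param(:client_id, client.client_id)` in the form body, and the start of this `get_token` pipeline lies above the hunk, so it cannot be seen here whether a `put_param(:client_secret, …)` is still set there too. If it is, the secret now travels in both the body and the header, which RFC 6749 §2.3 forbids (no more than one client authentication method per request); the Password and Refresh hunks in this same commit drop both body params, so AuthCode should be made consistent with them. Leaving `client_id` alone in the body is permitted by RFC 6749 §4.1.3, but that choice deserves a comment on the kept line such as `# client_id stays in the body (RFC 6749 §4.1.3); authentication itself is the Basic header`.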
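Review bot: The removed `auth_header/1` built the credential as `Base.encode64(id <> ":" <> secret)` with no form-encoding of either half, and its replacement `basic_auth/1` is not part of this diff, so it cannot be confirmed here that the gap is closed rather than relocated. RFC 6749 §2.3.1 requires `client_id` and `client_secret` to be application/x-www-form-urlencoded before Base64, so a secret containing `:` or `%` is decoded differently by a conforming server and authentication fails silently on the client side. Wherever `basic_auth/1` lives, the encoding step should read `Base.encode64(URI.encode_www_form(id) <> ":" <> URI.encode_www_form(secret))`, with a test using such a secret to pin it. If `basic_auth/1` concatenates the same way the old helper did, a nil `client_secret` raises inside `<>`; a public client should instead get a clear `{:error, …}` or be routed to `request_body/1`.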
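Review bot: Replacing the two `put_param(:client_id/:client_secret)` lines with an unconditional `|> basic_auth()` removes the ability to send credentials in the request body, which ClientCredentials still offers via `auth_scheme(client, "request_body")` in the hunk above; the Refresh hunk makes the same change. RFC 6749 §2.3.1 obliges servers to support only the header, but §6 lets public clients (no `client_secret`) refresh without authenticating at all, so a client whose secret is nil will now either emit a malformed header or fail inside `basic_auth/1` (not visible here) instead of simply omitting the secret, and deployments against body-only servers will break. Consider reading the same auth-scheme choice ClientCredentials reads and dispatching to `basic_auth/1` or the body params in `Password.get_token/3` and `Refresh.get_token/3`, and noting the default change in the changelog. The enclosing `get_token/3` starts outside the hunk.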
@@ -44,9 +44,8 @@ defmodule OAuth2.Strategy.Refresh do
     client
     |> put_param(:refresh_token, token)
     |> put_param(:grant_type, "refresh_token")
-    |> put_param(:client_id, client.client_id)
-    |> put_param(:client_secret, client.client_secret)
     |> merge_params(params)
+    |> basic_auth()
     |> put_headers(headers)
   end
 end
diff --git a/test/oauth2/client_test.exs b/test/oauth2/client_test.exs
index 182173f..205486d 100644
--- a/test/oauth2/client_test.exs
+++ b/test/oauth2/client_test.exs
@@ -14,8 +14,10 @@ defmodule OAuth2.ClientTest do
     client = build_client(site: bypass_server(server))
     client_with_token = tokenize_client(client)
     async_client = async_client(client)
+    basic_auth = Base.encode64(client.client_id <> ":" <> client.client_secret)
 
-    {:ok, client: client,
+    {:ok, basic_auth: basic_auth,
+          client: client,
           server: server,
           client_with_token: client_with_token,
           async_client: async_client}
@@ -78,9 +80,9 @@ defmodule OAuth2.ClientTest do
     end
   end
 
-  test "refresh_token and refresh_token! with a POST", %{server: server, client_with_token: client} do
+  test "refresh_token and refresh_token! with a POST", %{basic_auth: base64, server: server, client_with_token: client} do
     bypass server, "POST", "/oauth/token", fn conn ->
-      assert get_req_header(conn, "authorization") == []
+      assert get_req_header(conn, "authorization") == ["Basic #{base64}"]
       assert get_req_header(conn, "accept") == ["application/json"]
       assert get_req_header(conn, "content-type") == ["application/x-www-form-urlencoded"]
 
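Review bot: The `basic_auth = Base.encode64(client.client_id <> ":" <> client.client_secret)` line added to the setup block re-implements the library's own credential encoding, and the identical expression is repeated in the auth_code_test, password_test and refresh_test hunks. A test that mirrors the production formula cannot catch an encoding bug in `basic_auth/1` (such as the missing form-encoding RFC 6749 §2.3.1 calls for) because both sides would be wrong in the same way; a client built with a fixed id and secret and a literal expected header pins the wire format instead, e.g. for id `client_id` and secret `secret` (constructed example) `assert get_req_header(conn, "authorization") == ["Basic Y2xpZW50X2lkOnNlY3JldA=="]`. At minimum, hoist the expression into the shared helper module that already provides `build_client/1` so it is not copied four times.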
@@ -103,9 +105,9 @@ defmodule OAuth2.ClientTest do
     assert client.token.refresh_token == "new-refresh-token"
   end
 
-  test "refresh token when response missing refresh_token", %{server: server, client_with_token: client} do
+  test "refresh token when response missing refresh_token", %{basic_auth: base64, server: server, client_with_token: client} do
     bypass server, "POST", "/oauth/token", fn conn ->
-      assert get_req_header(conn, "authorization") == []
+      assert get_req_header(conn, "authorization") == ["Basic #{base64}"]
       assert get_req_header(conn, "accept") == ["application/json"]
       assert get_req_header(conn, "content-type") == ["application/x-www-form-urlencoded"]
 
diff --git a/test/oauth2/strategy/auth_code_test.exs b/test/oauth2/strategy/auth_code_test.exs
index 8e403e1..ef91ff3 100644
--- a/test/oauth2/strategy/auth_code_test.exs
+++ b/test/oauth2/strategy/auth_code_test.exs
@@ -26,11 +26,13 @@ defmodule OAuth2.Strategy.AuthCodeTest do
   test "get_token", %{client: client, server: server} do
     code = "abc1234"
     access_token = "access-token-1234"
+    base64 = Base.encode64(client.client_id <> ":" <> client.client_secret)
 
     Bypass.expect server, fn conn ->
+      assert conn.method == "POST"
       assert conn.request_path == "/oauth/token"
       assert get_req_header(conn, "content-type") == ["application/x-www-form-urlencoded"]
-      assert conn.method == "POST"
+      assert get_req_header(conn, "authorization") == ["Basic #{base64}"]
 
       {:ok, body, conn} = read_body(conn)
       body = URI.decode_query(body)
diff --git a/test/oauth2/strategy/password_test.exs b/test/oauth2/strategy/password_test.exs
index c68a427..428cc4f 100644
--- a/test/oauth2/strategy/password_test.exs
+++ b/test/oauth2/strategy/password_test.exs
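Review bot: The handler now asserts the Basic header, but the decoded `body` (the hunk ends right after `body = URI.decode_query(body)`; the assertions on it continue outside the hunk) is never checked for the absence of the secret, which is the one regression this commit's move from body to header should rule out. Add `refute Map.has_key?(body, "client_secret")` beside the existing body assertions. The same negative check belongs in the password_test and refresh_test hunks as `refute Map.has_key?(client.params, "client_secret")`, where the old positive assertions on `client.params["client_secret"]` were deleted without a replacement, so a future `put_param` of the secret would go unnoticed.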
@@ -18,11 +18,13 @@ defmodule OAuth2.Strategy.PasswordTest do
 
   test "get_token when username and password given in params", %{client: client} do
     client = Password.get_token(client, [username: "scrogson", password: "password"], [])
+    base64 = Base.encode64(client.client_id <> ":" <> client.client_secret)
+
     assert client.params["username"] == "scrogson"
     assert client.params["password"] == "password"
     assert client.params["grant_type"] == "password"
-    assert client.params["client_id"] == client.client_id
-    assert client.params["client_secret"] == client.client_secret
+
+    assert List.keyfind(client.headers, "authorization", 0) == {"authorization", "Basic #{base64}"}
   end
 
   test "get_token when username and password updated via put_param", %{client: client} do
diff --git a/test/oauth2/strategy/refresh_test.exs b/test/oauth2/strategy/refresh_test.exs
index f117bff..3a4b8f1 100644
--- a/test/oauth2/strategy/refresh_test.exs
+++ b/test/oauth2/strategy/refresh_test.exs
@@ -15,10 +15,12 @@ defmodule OAuth2.Strategy.RefreshTest do
   test "get_token" do
     client = build_client()
     client = Refresh.get_token(client, [refresh_token: "refresh-token"], [])
+    base64 = Base.encode64(client.client_id <> ":" <> client.client_secret)
+
     assert client.params["grant_type"] == "refresh_token"
     assert client.params["refresh_token"] == "refresh-token"
-    assert client.params["client_id"] == client.client_id
-    assert client.params["client_secret"] == client.client_secret
+
+    assert List.keyfind(client.headers, "authorization", 0) == {"authorization", "Basic #{base64}"}
   end
 
   test "get_token throws and error if there is no 'refresh_token' param" do