diff --git a/lib/omniauth/strategies/apple.rb b/lib/omniauth/strategies/apple.rb
index 902a482..f7a6b61 100644
--- a/lib/omniauth/strategies/apple.rb
+++ b/lib/omniauth/strategies/apple.rb
@@ -11,7 +11,8 @@ class Apple < OmniAuth::Strategies::OAuth2
       option :client_options,
              site: 'https://appleid.apple.com',
              authorize_url: '/auth/authorize',
-             token_url: '/auth/token'
+             token_url: '/auth/token',
+             auth_scheme: :request_body
       option :authorize_params,
              response_mode: 'form_post',
              scope: 'email name'
diff --git a/spec/omniauth/strategies/apple_spec.rb b/spec/omniauth/strategies/apple_spec.rb
index ba438f6..714bc1c 100644
--- a/spec/omniauth/strategies/apple_spec.rb
+++ b/spec/omniauth/strategies/apple_spec.rb
@@ -82,6 +82,10 @@
       expect(subject.client.options[:token_url]).to eq('/auth/token')
     end
 
+    it 'has correct auth_scheme' do
+      expect(subject.client.options[:auth_scheme]).to eq(:request_body)
+    end
+
     describe 'overrides' do
       context 'as strings' do
         it 'should allow overriding the site' do