diff --git a/integrations/oauth_test.go b/integrations/oauth_test.go
index 2b5839dd71..ed5761a86b 100644
--- a/integrations/oauth_test.go
+++ b/integrations/oauth_test.go
@@ -75,7 +75,30 @@ func TestAccessTokenExchange(t *testing.T) {
 func TestAccessTokenExchangeWithoutPKCE(t *testing.T) {
 prepareTestEnv(t)
- req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+ req := NewRequestWithJSON(t, "POST", "/login/oauth/access_token", map[string]string{
+ "grant_type": "authorization_code",
+ "client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
+ "client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
+ "redirect_uri": "a",
+ "code": "authcode",
+ "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally
+ })
+ resp := MakeRequest(t, req, 200)
+ type response struct {
+ AccessToken string `json:"access_token"`
+ TokenType string `json:"token_type"`
+ ExpiresIn int64 `json:"expires_in"`
+ RefreshToken string `json:"refresh_token"`
+ }
+ parsed := new(response)
+ assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsed))
+ assert.True(t, len(parsed.AccessToken) > 10)
+ assert.True(t, len(parsed.RefreshToken) > 10)
+}
+
+func TestAccessTokenExchangeJSON(t *testing.T) {
+ prepareTestEnv(t)
+ req := NewRequestWithJSON(t, "POST", "/login/oauth/access_token", map[string]string{
 "grant_type": "authorization_code",
 "client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
 "client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
diff --git a/modules/auth/user_form.go b/modules/auth/user_form.go
index 810a2f941a..38ee5415d9 100644
--- a/modules/auth/user_form.go
+++ b/modules/auth/user_form.go
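Review bot: In integrations/oauth_test.go, `TestAccessTokenExchangeWithoutPKCE` now sends `code_verifier` and expects 200 with tokens, so its name no longer matches what it checks, while the request it used to make continues under the new `TestAccessTokenExchangeJSON` with `NewRequestWithJSON`. Judging from the visible lines, no test is left that posts a form-encoded exchange without a verifier, so a regression that issued tokens without PKCE on that path would pass unnoticed. I would leave `req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{` in `TestAccessTokenExchangeWithoutPKCE` unchanged and add the JSON cases as separately named tests, e.g. `TestAccessTokenExchangeJSON` for the request that carries `code_verifier`. The body of the last function continues outside the hunk, so its expected status is not visible here.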
@@ -168,15 +168,15 @@ func (f *GrantApplicationForm) Validate(ctx *macaron.Context, errs binding.Error
 // AccessTokenForm for issuing access tokens from authorization codes or refresh tokens
 type AccessTokenForm struct {
- GrantType string
- ClientID string
- ClientSecret string
- RedirectURI string
- Code string
- RefreshToken string
+ GrantType string `json:"grant_type"`
+ ClientID string `json:"client_id"`
+ ClientSecret string `json:"client_secret"`
+ RedirectURI string `json:"redirect_uri"`
+ Code string `json:"code"`
+ RefreshToken string `json:"refresh_token"`
 // PKCE support
- CodeVerifier string
+ CodeVerifier string `json:"code_verifier"`
 }
 // Validate valideates the fields
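Review bot: The doc comment on `AccessTokenForm` does not say that the struct is now bound from JSON bodies as well as form-encoded ones, and nothing in this hunk shows how the form-encoded names are derived, so the two spellings can drift apart unnoticed. A mistyped tag would leave the field empty instead of failing, which matters most for `ClientSecret` and `CodeVerifier` if the handler treats an empty value as absent (not visible here). I would extend the comment to something like `// AccessTokenForm is bound from form-encoded or JSON token requests; the JSON keys must match the OAuth2 parameter names.` The `Validate` method that follows lies outside the hunk.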