diff --git a/README.md b/README.md
index 42269e7..96e870f 100644
--- a/README.md
+++ b/README.md
@@ -364,7 +364,7 @@ You can theoretically register a hook that overwrites internal session fields li
 | optionalClaims | `string[]` (optional) | - | Claims to be extracted from the id token |
 | logoutUrl | `string` (optional) | '' | Logout endpoint URL |
 | scopeInTokenRequest | `boolean` (optional) | false | Include scope in token request |
-| tokenRequestType | `'form'` \| `'json'` (optional) | `'form'` | Token request type |
+| tokenRequestType | `'form'` \| `'form-urlencoded'` \| `'json'` (optional) | `'form'` | Token request type |
 | audience | `string` (optional) | - | Audience used for token validation (not included in requests by default, use additionalTokenParameters or additionalAuthParameters to add it) |
 | requiredProperties | `string`[] | - | Required properties of the configuration that will be validated at runtime. |
 | filterUserinfo | `string[]`(optional) | - | Filter userinfo response to only include these properties. |
diff --git a/src/runtime/server/lib/oidc.ts b/src/runtime/server/lib/oidc.ts
index 287dfdb..67ea793 100644
--- a/src/runtime/server/lib/oidc.ts
+++ b/src/runtime/server/lib/oidc.ts
@@ -6,7 +6,7 @@ import { useRuntimeConfig, useStorage } from '#imports'
 import { validateConfig } from '../utils/config'
 import { generateRandomUrlSafeString, generatePkceVerifier, generatePkceCodeChallenge, parseJwtToken, encryptToken, validateToken, genBase64FromString } from '../utils/security'
 import { getUserSessionId, clearUserSession } from '../utils/session'
-import { configMerger, convertObjectToSnakeCase, generateFormDataRequest, oidcErrorHandler, useOidcLogger } from '../utils/oidc'
+import { configMerger, convertObjectToSnakeCase, convertTokenRequestToType, getTokenRequestContentType, oidcErrorHandler, useOidcLogger } from '../utils/oidc'
 import { SignJWT } from 'jose'
 import * as providerPresets from '../../providers'
 import type { H3Event } from 'h3'
@@ -135,6 +135,9 @@ export function callbackEventHandler({ onSuccess, onError }: OAuthConfig<UserSes
       headers.authorization = `Basic ${encodedCredentials}`
     }
 
+    // Set Content-Type header
+    headers['content-type'] = getTokenRequestContentType(config.tokenRequestType ?? undefined)
+
     // Construct form data for token request
     const requestBody: TokenRequest = {
       client_id: config.clientId,
@@ -147,8 +150,6 @@ export function callbackEventHandler({ onSuccess, onError }: OAuthConfig<UserSes
       ...config.additionalTokenParameters && convertObjectToSnakeCase(config.additionalTokenParameters),
     }
 
-    const requestForm = generateFormDataRequest(requestBody)
-
     // Make token request
     let tokenResponse: TokenRespose
     try {
@@ -157,15 +158,15 @@ export function callbackEventHandler({ onSuccess, onError }: OAuthConfig<UserSes
         {
           method: 'POST',
           headers,
-          body: config.tokenRequestType === 'json' ? requestBody : requestForm
+          body: convertTokenRequestToType(requestBody, config.tokenRequestType ?? undefined)
         }
       )
     } catch (error: any) {
       // Log ofetch error data to console
-      logger.error(error.data)
+      logger.error(error?.data ?? error)
 
       // Handle Microsoft consent_required error
-      if (error.data.suberror === 'consent_required') {
+      if (error?.data?.suberror === 'consent_required') {
         const consentUrl = `https://login.microsoftonline.com/${parseURL(config.authorizationUrl).pathname.split('/')[1]}/adminconsent?client_id=${config.clientId}`
         return sendRedirect(
           event,
diff --git a/src/runtime/server/utils/oidc.ts b/src/runtime/server/utils/oidc.ts
index 6619abd..1e9feac 100644
--- a/src/runtime/server/utils/oidc.ts
+++ b/src/runtime/server/utils/oidc.ts
@@ -31,6 +31,9 @@ export async function refreshAccessToken(refreshToken: string, config: OidcProvi
     const encodedCredentials = genBase64FromString(`${config.clientId}:${config.clientSecret}`)
     headers.authorization = `Basic ${encodedCredentials}`
   }
+  
+  // Set Content-Type header
+  headers['content-type'] = getTokenRequestContentType(config.tokenRequestType)
 
   // Construct form data for refresh token request
   const requestBody: RefreshTokenRequest = {
@@ -40,7 +43,6 @@ export async function refreshAccessToken(refreshToken: string, config: OidcProvi
     ...(config.scopeInTokenRequest && config.scope) && { scope: config.scope.join(' ') },
     ...(config.authenticationScheme === 'body') && { client_secret: normalizeURL(config.clientSecret) }
   }
-  const requestForm = generateFormDataRequest(requestBody)
 
   // Make refresh token request
   let tokenResponse: TokenRespose
@@ -50,11 +52,11 @@ export async function refreshAccessToken(refreshToken: string, config: OidcProvi
       {
         method: 'POST',
         headers,
-        body: config.tokenRequestType === 'json' ? requestBody : requestForm,
+        body: convertTokenRequestToType(requestBody, config.tokenRequestType)
       }
     )
   } catch (error: any) {
-    logger.error(error.data) // Log ofetch error data to console
+    logger.error(error?.data ?? error) // Log ofetch error data to console
     throw new Error('Failed to refresh token')
   }
 
@@ -100,6 +102,37 @@ export function generateFormDataRequest(requestValues: RefreshTokenRequest | Tok
   return requestBody
 }
 
+export function generateFormUrlEncodedRequest(requestValues: RefreshTokenRequest | TokenRequest) {
+  const requestEntries = Object.entries(requestValues).filter((entry): entry is [string, string] => typeof entry[1] === 'string')
+  return new URLSearchParams(requestEntries).toString()
+}
+
+export function convertTokenRequestToType(
+  requestValues: RefreshTokenRequest | TokenRequest, 
+  requestType: OidcProviderConfig['tokenRequestType'] = 'form',
+) {
+  switch (requestType) {
+    case 'json':
+      return requestValues
+    case 'form-urlencoded':
+      return generateFormUrlEncodedRequest(requestValues)
+    default:
+      return generateFormDataRequest(requestValues)
+  }
+}
+
+export function getTokenRequestContentType(
+  requestType: OidcProviderConfig['tokenRequestType'] = 'form',
+) {
+  return (
+    {
+      json: 'application/json',
+      form: 'multipart/form-data',
+      'form-urlencoded': 'application/x-www-form-urlencoded',
+    }[requestType]
+  )
+}
+
 export function convertObjectToSnakeCase(object: Record<string, any>) {
   return Object.entries(object).reduce((acc, [key, value]) => {
     acc[snakeCase(key)] = value
diff --git a/src/runtime/types/oidc.ts b/src/runtime/types/oidc.ts
index 1e10630..6c68f94 100644
--- a/src/runtime/types/oidc.ts
+++ b/src/runtime/types/oidc.ts
@@ -98,7 +98,7 @@ export interface OidcProviderConfig {
    * Token request type
    * @default 'form'
    */
-  tokenRequestType?: 'form' | 'json'
+  tokenRequestType?: 'form' | 'json' | 'form-urlencoded'
   /**
    * Audience used for token validation (not included in requests by default, use additionalTokenParameters or additionalAuthParameters to add it)
    */