diff --git a/conf/defaults.ini b/conf/defaults.ini
index 14e063f98e4..131db397561 100644
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -576,6 +576,7 @@ tls_client_cert =
 tls_client_key =
 tls_client_ca =
 use_pkce = false
+auth_style = 
 
 #################################### Basic Auth ##########################
 [auth.basic]
diff --git a/conf/sample.ini b/conf/sample.ini
index 4c8d1f9a27a..5a2d623dec8 100644
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -563,6 +563,7 @@
 ;tls_client_key =
 ;tls_client_ca =
 ;use_pkce = false
+;auth_style =
 
 #################################### Basic Auth ##########################
 [auth.basic]
diff --git a/pkg/login/social/social.go b/pkg/login/social/social.go
index 77e1def01ff..07928a0dacd 100644
--- a/pkg/login/social/social.go
+++ b/pkg/login/social/social.go
@@ -105,13 +105,26 @@ func ProvideService(cfg *setting.Cfg) *SocialService {
 
 		ss.oAuthProvider[name] = info
 
+		var authStyle oauth2.AuthStyle
+		switch strings.ToLower(sec.Key("auth_style").String()) {
+		case "inparams":
+			authStyle = oauth2.AuthStyleInParams
+		case "inheader":
+			authStyle = oauth2.AuthStyleInHeader
+		case "autodetect", "":
+			authStyle = oauth2.AuthStyleAutoDetect
+		default:
+			logger.Warn("Invalid auth style specified, defaulting to auth style AutoDetect", "auth_style", sec.Key("auth_style").String())
+			authStyle = oauth2.AuthStyleAutoDetect
+		}
+
 		config := oauth2.Config{
 			ClientID:     info.ClientId,
 			ClientSecret: info.ClientSecret,
 			Endpoint: oauth2.Endpoint{
 				AuthURL:   info.AuthUrl,
 				TokenURL:  info.TokenUrl,
-				AuthStyle: oauth2.AuthStyleAutoDetect,
+				AuthStyle: authStyle,
 			},
 			RedirectURL: strings.TrimSuffix(cfg.AppURL, "/") + SocialBaseUrl + name,
 			Scopes:      info.Scopes,