diff --git a/cmd/eksterd/auth.go b/cmd/eksterd/auth.go
index 571722e..48eb5d9 100644
--- a/cmd/eksterd/auth.go
+++ b/cmd/eksterd/auth.go
@@ -6,6 +6,7 @@ import (
 "log"
 "net/http"
 "regexp"
+ "strings"
 "time"
 "github.com/gomodule/redigo/redis"
@@ -69,16 +70,20 @@ func checkAuthToken(header string, tokenEndpoint string, token *auth.TokenRespon
 }()
 if res.StatusCode < 200 || res.StatusCode >= 300 {
- return false, fmt.Errorf("got unsuccessfull http status code while verifying token: %d", res.StatusCode)
+ return false, fmt.Errorf("got unsuccessful http status code while verifying token: %d", res.StatusCode)
 }
- dec := json.NewDecoder(res.Body)
- err = dec.Decode(&token)
- if err != nil {
- return false, errors.Wrap(err, "could not decode json body")
+ contentType := res.Header.Get("content-type")
+ if strings.HasPrefix(contentType, "application/json") {
+ dec := json.NewDecoder(res.Body)
+ err = dec.Decode(&token)
+ if err != nil {
+ return false, errors.Wrap(err, "could not decode json body")
+ }
+ return true, nil
 }
- return true, nil
+ return false, errors.Wrapf(err, "unknown content-type %q while checking auth token", contentType)
 }
 func buildValidateAuthTokenRequest(tokenEndpoint string, header string) (*http.Request, error) {
diff --git a/cmd/eksterd/http.go b/cmd/eksterd/http.go
index b352117..2e8cce5 100644
--- a/cmd/eksterd/http.go
+++ b/cmd/eksterd/http.go
@@ -4,10 +4,10 @@ import (
 "encoding/json"
 "fmt"
 "io"
+ "io/ioutil"
 "log"
 "net/http"
 "net/url"
- "os"
 "strings"
 "time"
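Review bot: In checkAuthToken (cmd/eksterd/auth.go, second hunk) the new fall-through `return false, errors.Wrapf(err, ...)` wraps an `err` that no visible line sets to a failure on that path, and if `errors` is github.com/pkg/errors (the import is outside the hunk, but the `errors.Wrap` call suggests it) Wrapf returns nil for a nil error. A token endpoint that answers 2xx with an unexpected content type would then produce `false, nil`, so the rejection leaves no error for the caller to log or act on. Building the error directly avoids this: `return false, fmt.Errorf("unknown content-type %q while checking auth token", contentType)`. The `strings.HasPrefix` test is also case-sensitive and accepts any type that merely starts with `application/json`; comparing the media type returned by `mime.ParseMediaType` would be stricter. The body of checkAuthToken starts before this hunk.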
@@ -181,14 +181,28 @@ func verifyAuthCode(code, redirectURI, authEndpoint, clientID string) (bool, *au
 return false, nil, fmt.Errorf("HTTP response code from authorization_endpoint (%s) %d", authEndpoint, resp.StatusCode)
 }
- input := io.TeeReader(resp.Body, os.Stderr)
-
- var authResponse authResponse
- if err := json.NewDecoder(input).Decode(&authResponse); err != nil {
- return false, nil, fmt.Errorf("while verifying authentication response from %s: %s", authEndpoint, err)
+ contentType := resp.Header.Get("Content-Type")
+ if strings.HasPrefix(contentType, "application/json") {
+ var authResponse authResponse
+ if err := json.NewDecoder(resp.Body).Decode(&authResponse); err != nil {
+ return false, nil, fmt.Errorf("while verifying authentication response from %s: %s", authEndpoint, err)
+ }
+ return true, &authResponse, nil
+ } else if strings.HasPrefix(contentType, "application/x-form-urlencoded") {
+ var authResponse authResponse
+ s, err := ioutil.ReadAll(resp.Body)
+ if err != nil {
+ return false, nil, fmt.Errorf("while reading response body: %s", err)
+ }
+ values, err := url.ParseQuery(string(s))
+ if err != nil {
+ return false, nil, fmt.Errorf("while reading response body: %s", err)
+ }
+ authResponse.Me = values.Get("me")
+ return true, &authResponse, nil
 }
- return true, &authResponse, nil
+ return false, nil, fmt.Errorf("unknown content-type %q while verifying authorization_code", contentType)
 }
 func isLoggedIn(backend *memoryBackend, sess *session) bool {
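Review bot: Both success branches added to verifyAuthCode return `true` without checking that the response actually named an identity: in the form branch `values.Get("me")` yields an empty string when the field is absent, and the JSON branch accepts any decodable body. A guard before each `return true`, such as `if authResponse.Me == "" { return false, nil, fmt.Errorf("authorization response from %s has no me value", authEndpoint) }`, keeps an empty identity from being reported as verified (how the caller uses `Me` is not visible here). The form branch also tests for `application/x-form-urlencoded`, while the registered media type is `application/x-www-form-urlencoded`, so that branch probably never matches and such responses end in the unknown content-type error. `ioutil.ReadAll(resp.Body)` reads an unbounded body from a remote endpoint; wrapping the body in `io.LimitReader` would cap it. verifyAuthCode begins before this hunk.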