diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0e1c7105..c6c34a9a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Cast `$_SERVER['SERVER_PORT']` to integer to prevent adding 80 or 443 port to redirect URL. #403
 - Check subject when verifying JWT #406
 - Removed duplicate check on jwks_uri and only check if jwks_uri exists when needed #373
+* Enabled `client_secret_basic` authentication on `requestClientCredentialsToken()` #347
 ## [1.0.0] - 2023-12-13
diff --git a/composer.json b/composer.json
index 64825884..41cdada4 100644
--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,6 @@
 {
   "name": "jumbojett/openid-connect-php",
-  "description": "Bare-bones OpenID Connect client",
+  "description": "Bare-bones OpenID Connect client (forked to allow client secret basic authentication on obtaining access token)",
   "license": "Apache-2.0",
   "require": {
     "php": ">=7.0",
@@ -13,6 +13,9 @@
     "roave/security-advisories": "dev-latest",
     "yoast/phpunit-polyfills": "^2.0"
   },
+  "replace": {
+    "jumbojett/openid-connect-php": "<=0.9.10"
+  },
   "archive" : {
     "exclude" : [
       ".*"
diff --git a/src/OpenIDConnectClient.php b/src/OpenIDConnectClient.php
index 07c00540..46f2f496 100644
--- a/src/OpenIDConnectClient.php
+++ b/src/OpenIDConnectClient.php
@@ -803,12 +803,12 @@ public function requestClientCredentialsToken() {
         $grant_type = 'client_credentials';
         $post_data = [
-            'grant_type' => $grant_type,
-            'client_id' => $this->clientID,
-            'client_secret' => $this->clientSecret,
-            'scope' => implode(' ', $this->scopes)
+            'grant_type' => $grant_type,
+            'scope' => implode(' ', $this->scopes)
         ];
+        $this->setOptionalBasicAuthentication($headers, $post_data);
+
         // Convert token params to string format
         $post_params = http_build_query($post_data, '', '&', $this->encType);
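Review bot: The new `replace` block names the package's own `name`, `jumbojett/openid-connect-php`, so it replaces nothing — as far as I know Composer treats self-replacement as a no-op — and it does not make this fork installable in place of upstream. The constraint `<=0.9.10` also predates the `## [1.0.0] - 2023-12-13` release visible in the CHANGELOG hunk above, so a dependent pinned to 1.0.x would not be satisfied even if the replacement took effect. From a supply-chain angle, shipping modified code under the upstream's exact package name leaves nothing in a consumer's lockfile to distinguish fork from upstream, and advisories keyed to the upstream name will not describe this code. The usual shape is `"name": "<fork-vendor>/openid-connect-php",` together with `"replace": { "jumbojett/openid-connect-php": "self.version" }`, with the range confirmed against what dependents actually require.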
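Review bot: `$headers` is passed by reference into `setOptionalBasicAuthentication()` with no initialisation visible in this hunk; `requestClientCredentialsToken()` starts above the hunk, so if `$headers = [];` is not set earlier in the function, the `client_secret_post` branch of the helper leaves `$headers` as an auto-created null, and the `fetchURL()` call that presumably follows (as it does in `requestResourceOwnerToken()` further down) would receive null where it expects an array. Writing `$headers = [];` directly before the call keeps the call site correct regardless of what precedes it. Note also that the helper assigns a fresh array in its basic branch rather than appending, so any header collected earlier in this function would be dropped silently — only relevant if such a header exists above the hunk.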
@@ -839,13 +839,7 @@ public function requestResourceOwnerToken(bool $bClientAuth = false) {
         //For client authentication include the client values
         if($bClientAuth) {
-            $token_endpoint_auth_methods_supported = $this->getProviderConfigValue('token_endpoint_auth_methods_supported', ['client_secret_basic']);
-            if ($this->supportsAuthMethod('client_secret_basic', $token_endpoint_auth_methods_supported)) {
-                $headers = ['Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret))];
-            } else {
-                $post_data['client_id'] = $this->clientID;
-                $post_data['client_secret'] = $this->clientSecret;
-            }
+            $this->setOptionalBasicAuthentication($headers, $post_data);
         }
         // Convert token params to string format
@@ -854,6 +848,23 @@ public function requestResourceOwnerToken(bool $bClientAuth = false) {
         return json_decode($this->fetchURL($token_endpoint, $post_params, $headers), false);
     }
+    /**
+     * Use client basic authentication if supported.
+     *
+     * @param array $headers
+     * @param array $post_data
+     * @throws OpenIDConnectClientException
+     */
+    protected function setOptionalBasicAuthentication(&$headers, &$post_data) {
+        $token_endpoint_auth_methods_supported = $this->getProviderConfigValue('token_endpoint_auth_methods_supported', ['client_secret_basic']);
+
+        if ($this->supportsAuthMethod('client_secret_basic', $token_endpoint_auth_methods_supported)) {
+            $headers = ['Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret))];
+        } else {
+            $post_data['client_id'] = $this->clientID;
+            $post_data['client_secret'] = $this->clientSecret;
+        }
+    }
     /**
      * Requests ID and Access tokens
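Review bot: The `else` branch of `setOptionalBasicAuthentication()` falls back to putting `client_id` and `client_secret` in the POST body without checking that the provider advertises `client_secret_post`, so an issuer whose `token_endpoint_auth_methods_supported` lists only, say, `private_key_jwt` still receives the shared secret in the form body instead of the client failing closed; failing closed would also make the declared `@throws OpenIDConnectClientException` true of this method itself, which as far as this hunk shows can today only originate from `getProviderConfigValue()`. The basic branch assigns `$headers = [...]`, replacing anything the caller had collected, where `$headers[] = ...` would add the Authorization header without discarding existing ones. The by-reference parameters are untyped although the docblock says `array`; with `"php": ">=7.0"` in composer.json, `array &$headers, array &$post_data` is available and turns a missing caller initialisation into an immediate TypeError rather than a null reaching `fetchURL()`. The rewrite below changes behaviour only for providers that advertise neither secret-based method, so confirm that against the IdPs this fork targets.
```php
    protected function setOptionalBasicAuthentication(array &$headers, array &$post_data) {
        // … unchanged: read token_endpoint_auth_methods_supported from provider config …
        if ($this->supportsAuthMethod('client_secret_basic', $token_endpoint_auth_methods_supported)) {
            $headers[] = 'Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret));
        } elseif ($this->supportsAuthMethod('client_secret_post', $token_endpoint_auth_methods_supported)) {
            $post_data['client_id'] = $this->clientID;
            $post_data['client_secret'] = $this->clientSecret;
        } else {
            throw new OpenIDConnectClientException('Token endpoint supports neither client_secret_basic nor client_secret_post');
        }
    }
```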