diff --git a/apps/backend/src/app/api/v1/integrations/neon/oauth/token/route.tsx b/apps/backend/src/app/api/v1/integrations/neon/oauth/token/route.tsx
index e1ed15353..3760155dc 100644
--- a/apps/backend/src/app/api/v1/integrations/neon/oauth/token/route.tsx
+++ b/apps/backend/src/app/api/v1/integrations/neon/oauth/token/route.tsx
@@ -1,6 +1,6 @@
 import { prismaClient } from "@/prisma-client";
 import { createSmartRouteHandler } from "@/route-handlers/smart-route-handler";
-import { yupMixed, yupNumber, yupObject, yupString, yupUnion } from "@stackframe/stack-shared/dist/schema-fields";
+import { yupMixed, yupNumber, yupObject, yupString, yupTuple, yupUnion } from "@stackframe/stack-shared/dist/schema-fields";
 import { getEnvVariable } from "@stackframe/stack-shared/dist/utils/env";
 import { StackAssertionError } from "@stackframe/stack-shared/dist/utils/errors";
 
@@ -14,10 +14,11 @@ export const POST = createSmartRouteHandler({
       grant_type: yupString().oneOf(["authorization_code"]).defined(),
       code: yupString().defined(),
       code_verifier: yupString().defined(),
-      client_id: yupString().defined(),
-      client_secret: yupString().defined(),
       redirect_uri: yupString().defined(),
     }).defined(),
+    headers: yupObject({
+      authorization: yupTuple([yupString().defined()]).defined(),
+    }).defined(),
   }),
   response: yupUnion(
     yupObject({
@@ -41,6 +42,7 @@ export const POST = createSmartRouteHandler({
       body: new URLSearchParams(req.body).toString(),
       headers: {
         "Content-Type": "application/x-www-form-urlencoded",
+        Authorization: req.headers.authorization[0],
       },
     });
     if (!tokenResponse.ok) {