diff --git a/app/controllers/devise_token_auth/application_controller.rb b/app/controllers/devise_token_auth/application_controller.rb
index 8d79e033e..f0ce514be 100644
--- a/app/controllers/devise_token_auth/application_controller.rb
+++ b/app/controllers/devise_token_auth/application_controller.rb
@@ -33,7 +33,9 @@ def build_redirect_headers(access_token, client, redirect_header_options = {})
 
     def params_for_resource(resource)
       devise_parameter_sanitizer.instance_values['permitted'][resource].each do |type|
-        params[type.to_s] ||= request.headers[type.to_s] unless request.headers[type.to_s].nil?
+        key = 'HTTP_' + type.to_s.upcase
+        value_from_header = request.headers[type.to_s] || request.headers[key]
+        params[type.to_s] ||= value_from_header unless value_from_header.nil?
       end
       devise_parameter_sanitizer.instance_values['permitted'][resource]
     end