Currently passport-oauth2 only allows for Content-Type to be application/x-www-form-urlencoded this will allow for the https://www.openplugin.io/ launchpad to be more secure and for a less distributed system architecture.
jaredhanson/passport-oauth2#176