Yeah, we have already created a ticket to update the docs. To be clear, the spec does allow for accepting client credentials as application/x-www-form-urlencoded in the body, but describes it as MAY, not MUST, so when I communicate to people I always steer them to the Basic Authorization header, especially when I read stuff like below. We use a 3rd party to handle our OAuth token processing, so if they ever decide to change something I like to be conservative with the spec so we can hold them to it. Anyhow, long-winded apology for "you are right". Glad everything is working now for you. If you run into anything else, don’t hesitate to hit us up.

Including the client credentials in the request-body using the two
parameters is NOT RECOMMENDED and SHOULD be limited to clients unable
to directly utilize the HTTP Basic authentication scheme (or other
password-based HTTP authentication schemes). The parameters can only
be transmitted in the request-body and MUST NOT be included in the
request URI.
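
An added example, not part of the original post or of any vendor's code: a token request built with the Basic Authorization header, plus a small check that flags a client secret travelling in the body or the URI, following the spec text quoted above. The endpoint URL, the `client_credentials` grant and all function names are assumptions made for illustration.

```python
import base64
from urllib.parse import parse_qs, quote_plus, urlencode, urlsplit

TOKEN_URL = "https://auth.example.test/oauth/token"  # placeholder endpoint (assumption)


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Build the Authorization header value for client authentication.

    RFC 6749 section 2.3.1 form-urlencodes each value before the Basic
    base64 step, so a ':' or '+' inside a secret cannot be misparsed.
    """
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def build_token_request(client_id: str, client_secret: str, use_basic: bool = True):
    """Return (url, headers, body) for a client_credentials token request."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "client_credentials"}  # grant type is an assumption
    if use_basic:
        headers["Authorization"] = basic_auth_header(client_id, client_secret)
    else:
        # Fallback the spec allows (MAY) but marks NOT RECOMMENDED.
        form.update(client_id=client_id, client_secret=client_secret)
    return TOKEN_URL, headers, urlencode(form)


def audit_token_request(url: str, headers: dict, body: str) -> str:
    """Classify where the client secret travels in an outgoing request."""
    if "client_secret" in parse_qs(urlsplit(url).query):
        return "violation: client_secret in request URI (MUST NOT)"
    if "client_secret" in parse_qs(body):
        return "warning: client_secret in request body (NOT RECOMMENDED)"
    if headers.get("Authorization", "").startswith("Basic "):
        return "ok: HTTP Basic client authentication"
    return "warning: no client authentication found"
```
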