diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock
index 9e178ebe..9e7f646c 100644
--- a/.rubocop_gradual.lock
+++ b/.rubocop_gradual.lock
@@ -34,7 +34,7 @@
     [69, 15, 38, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1480816240],
     [79, 13, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2314399065]
   ],
-  "spec/oauth2/client_spec.rb:292714281": [
+  "spec/oauth2/client_spec.rb:2143306493": [
     [6, 1, 29, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/client*_spec.rb`.", 439549885],
     [175, 7, 492, "RSpec/NoExpectationExample: No expectation found in this example.", 1272021224],
     [194, 7, 592, "RSpec/NoExpectationExample: No expectation found in this example.", 3428877205],
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 264910a0..88c942ea 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - improved documentation by @pboling
 - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth)
+- Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README
+- Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder)
 - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, such as:
   - PKCE required for auth code,
   - exact redirect URI match,
diff --git a/README.md b/README.md
index 5ea07326..40ec87b4 100644
--- a/README.md
+++ b/README.md
@@ -991,6 +991,48 @@ client = OAuth2::Client.new(
 end
 ```
 
+##### Using flat query params (Faraday::FlatParamsEncoder)
+
+Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests.
+
+```ruby
+require "faraday"
+
+client = OAuth2::Client.new(
+  id,
+  secret,
+  site: "https://api.example.com",
+  # Pass Faraday connection options to make FlatParamsEncoder the default
+  connection_opts: {
+    request: {params_encoder: Faraday::FlatParamsEncoder},
+  },
+) do |faraday|
+  faraday.request(:url_encoded)
+  faraday.adapter(:net_http)
+end
+
+access = client.client_credentials.get_token
+
+# Example of a GET with two flat filter params (not an array):
+# Results in: ?filter=order.clientCreatedTime%3E1445006997000&filter=order.clientCreatedTime%3C1445611797000
+resp = access.get(
+  "/v1/orders",
+  params: {
+    # Provide the values as an array; FlatParamsEncoder expands them as repeated keys
+    filter: [
+      "order.clientCreatedTime>1445006997000",
+      "order.clientCreatedTime<1445611797000",
+    ],
+  },
+)
+```
+
+If you instead need to build a raw Faraday connection yourself, the equivalent configuration is:
+
+```ruby
+conn = Faraday.new("https://api.example.com", request: {params_encoder: Faraday::FlatParamsEncoder})
+```
+
 #### Redirection
 
 The library follows up to `max_redirects` (default 5).
diff --git a/docs/OAuth2.html b/docs/OAuth2.html
index 5ac242ac..c86bff71 100644
--- a/docs/OAuth2.html
+++ b/docs/OAuth2.html
@@ -415,7 +415,7 @@ <h3 class="signature first" id="configure-class_method">
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html
index be573ceb..7212e270 100644
--- a/docs/OAuth2/AccessToken.html
+++ b/docs/OAuth2/AccessToken.html
@@ -3069,7 +3069,7 @@ <h3 class="signature " id="to_hash-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html
index d1e8ac9b..1fb60f7a 100644
--- a/docs/OAuth2/Authenticator.html
+++ b/docs/OAuth2/Authenticator.html
@@ -883,7 +883,7 @@ <h3 class="signature first" id="apply-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html
index 083e6461..359ce495 100644
--- a/docs/OAuth2/Client.html
+++ b/docs/OAuth2/Client.html
@@ -2656,7 +2656,7 @@ <h3 class="signature " id="token_url-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html
index 2a1497a9..13889173 100644
--- a/docs/OAuth2/Error.html
+++ b/docs/OAuth2/Error.html
@@ -772,7 +772,7 @@ <h3 class="signature " id="response-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html
index 8eecda7f..29e84587 100644
--- a/docs/OAuth2/FilteredAttributes.html
+++ b/docs/OAuth2/FilteredAttributes.html
@@ -335,7 +335,7 @@ <h3 class="signature first" id="inspect-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html
index 8f462b6b..48dfc2fb 100644
--- a/docs/OAuth2/FilteredAttributes/ClassMethods.html
+++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html
@@ -280,7 +280,7 @@ <h3 class="signature " id="filtered_attributes-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html
index 59b51256..e2671de9 100644
--- a/docs/OAuth2/Response.html
+++ b/docs/OAuth2/Response.html
@@ -1619,7 +1619,7 @@ <h3 class="signature " id="status-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html
index a2cb9437..2a3c3b80 100644
--- a/docs/OAuth2/Strategy.html
+++ b/docs/OAuth2/Strategy.html
@@ -107,7 +107,7 @@ <h2>Defined Under Namespace</h2>
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html
index 431c6130..3a28ccf1 100644
--- a/docs/OAuth2/Strategy/Assertion.html
+++ b/docs/OAuth2/Strategy/Assertion.html
@@ -481,7 +481,7 @@ <h3 class="signature " id="get_token-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html
index eb2b5df1..c600087b 100644
--- a/docs/OAuth2/Strategy/AuthCode.html
+++ b/docs/OAuth2/Strategy/AuthCode.html
@@ -483,7 +483,7 @@ <h3 class="signature " id="get_token-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html
index b4cccf51..309f3020 100644
--- a/docs/OAuth2/Strategy/Base.html
+++ b/docs/OAuth2/Strategy/Base.html
@@ -195,7 +195,7 @@ <h3 class="signature first" id="initialize-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html
index ae1ee71f..80e3c054 100644
--- a/docs/OAuth2/Strategy/ClientCredentials.html
+++ b/docs/OAuth2/Strategy/ClientCredentials.html
@@ -343,7 +343,7 @@ <h3 class="signature " id="get_token-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html
index 89cda099..8c2b73e8 100644
--- a/docs/OAuth2/Strategy/Implicit.html
+++ b/docs/OAuth2/Strategy/Implicit.html
@@ -420,7 +420,7 @@ <h3 class="signature " id="get_token-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html
index 7f30be63..28d25a19 100644
--- a/docs/OAuth2/Strategy/Password.html
+++ b/docs/OAuth2/Strategy/Password.html
@@ -374,7 +374,7 @@ <h3 class="signature " id="get_token-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html
index b77c91f2..de21a700 100644
--- a/docs/OAuth2/Version.html
+++ b/docs/OAuth2/Version.html
@@ -111,7 +111,7 @@ <h2>
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/_index.html b/docs/_index.html
index 847f17b2..8cc10983 100644
--- a/docs/_index.html
+++ b/docs/_index.html
@@ -366,7 +366,7 @@ <h2>Namespace Listing A-Z</h2>
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:07 2025 by
+  Generated on Sun Aug 31 04:57:43 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html
index b28f4c4b..61e1d9ba 100644
--- a/docs/file.CHANGELOG.html
+++ b/docs/file.CHANGELOG.html
@@ -67,6 +67,9 @@ <h2 id="unreleased"><a href="https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0
 <h3 id="added">Added</h3>
 <ul>
   <li>improved documentation by @pboling</li>
+  <li>Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth)</li>
+  <li>Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README</li>
+  <li>Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder)</li>
   <li>documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, such as:
     <ul>
       <li>PKCE required for auth code,</li>
@@ -1245,7 +1248,7 @@ <h2 id="001---2010-04-22">
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:43 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html
index 6b826eb1..571eccfa 100644
--- a/docs/file.CITATION.html
+++ b/docs/file.CITATION.html
@@ -82,7 +82,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html
index f6e031d6..b68c6647 100644
--- a/docs/file.CODE_OF_CONDUCT.html
+++ b/docs/file.CODE_OF_CONDUCT.html
@@ -191,7 +191,7 @@ <h2 id="attribution">Attribution</h2>
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:43 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html
index 6b6331c4..33182acd 100644
--- a/docs/file.CONTRIBUTING.html
+++ b/docs/file.CONTRIBUTING.html
@@ -274,7 +274,7 @@ <h4 id="manual-process">Manual process</h4>
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html
index 40725527..60c5082a 100644
--- a/docs/file.FUNDING.html
+++ b/docs/file.FUNDING.html
@@ -104,7 +104,7 @@ <h1 id="another-way-to-support-open-source-software">Another Way to Support Open
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html
index a07d6c0e..0cecdb01 100644
--- a/docs/file.LICENSE.html
+++ b/docs/file.LICENSE.html
@@ -60,7 +60,7 @@
       <div id="content"><div id='filecontents'>MIT License<br><br>Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors<br>Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.<br><br>Permission is hereby granted, free of charge, to any person obtaining a copy<br>of this software and associated documentation files (the "Software"), to deal<br>in the Software without restriction, including without limitation the rights<br>to use, copy, modify, merge, publish, distribute, sublicense, and/or sell<br>copies of the Software, and to permit persons to whom the Software is<br>furnished to do so, subject to the following conditions:<br><br>The above copyright notice and this permission notice shall be included in all<br>copies or substantial portions of the Software.<br><br>THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR<br>IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,<br>FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE<br>AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER<br>LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,<br>OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br>SOFTWARE.</div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html
index 6d44d273..e6c66e82 100644
--- a/docs/file.OIDC.html
+++ b/docs/file.OIDC.html
@@ -247,7 +247,7 @@ <h2 id="raw-oidc-with-ruby-oauthoauth2">Raw OIDC with ruby-oauth/oauth2</h2>
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.README.html b/docs/file.README.html
index d8f9587c..893af48b 100644
--- a/docs/file.README.html
+++ b/docs/file.README.html
@@ -1053,10 +1053,63 @@ <h3 id="token-revocation-rfc-7009">Token Revocation (RFC 7009)</h3>
 
 <h3 id="client-configuration-tips">Client Configuration Tips</h3>
 
+<h4 id="mutual-tls-mtls-client-authentication">Mutual TLS (mTLS) client authentication</h4>
+
+<p>Some providers require OAuth requests (including the token request and subsequent API calls) to be sender‑constrained using mutual TLS (mTLS). With this gem, you enable mTLS by providing a client certificate/private key to Faraday via connection_opts.ssl and, if your provider requires it for client authentication, selecting the tls_client_auth auth_scheme.</p>
+
+<p>Example using PEM files (certificate and key):</p>
+
+<pre class="code language-ruby"><code class="language-ruby">require &quot;oauth2&quot;
+require &quot;openssl&quot;
+
+client = OAuth2::Client.new(
+  ENV.fetch(&quot;CLIENT_ID&quot;),
+  ENV.fetch(&quot;CLIENT_SECRET&quot;),
+  site: &quot;https://example.com&quot;,
+  authorize_url: &quot;/oauth/authorize/&quot;,
+  token_url: &quot;/oauth/token/&quot;,
+  auth_scheme: :tls_client_auth, # if your AS requires mTLS-based client authentication
+  connection_opts: {
+    ssl: {
+      client_cert: OpenSSL::X509::Certificate.new(File.read(&quot;localhost.pem&quot;)),
+      client_key: OpenSSL::PKey::RSA.new(File.read(&quot;localhost-key.pem&quot;)),
+      # Optional extras, uncomment as needed:
+      # ca_file: &quot;/path/to/ca-bundle.pem&quot;,   # custom CA(s)
+      # verify: true                           # enable server cert verification (recommended)
+    },
+  },
+)
+
+# Example token request (any grant type can be used). The mTLS handshake
+# will occur automatically on HTTPS calls using the configured cert/key.
+access = client.client_credentials.get_token
+
+# Subsequent resource requests will also use mTLS on HTTPS endpoints of `site`:
+resp = access.get(&quot;/v1/protected&quot;)
+</code></pre>
+
+<p>Notes:</p>
 <ul>
-  <li>Authentication schemes for the token request:</li>
+  <li>Files must contain the appropriate PEMs. The private key may be encrypted; if so, pass a password to OpenSSL::PKey::RSA.new(File.read(path), ENV[“KEY_PASSWORD”]).</li>
+  <li>If your certificate and key are in a PKCS#12/PFX bundle, you can load them like:
+    <ul>
+      <li>p12 = OpenSSL::PKCS12.new(File.read(“client.p12”), ENV[“P12_PASSWORD”])</li>
+      <li>client_cert = p12.certificate; client_key = p12.key</li>
+    </ul>
+  </li>
+  <li>Server trust:
+    <ul>
+      <li>If your environment does not have system CAs, specify ca_file or ca_path inside the ssl: hash.</li>
+      <li>Keep verify: true in production. Set verify: false only for local testing.</li>
+    </ul>
+  </li>
+  <li>Faraday adapter: Any adapter that supports Ruby’s OpenSSL should work. net_http (default) and net_http_persistent are common choices.</li>
+  <li>Scope of mTLS: The SSL client cert is applied to any HTTPS request made by this client (token and resource requests) to the configured site base URL (and absolute URLs you call with the same client).</li>
+  <li>OIDC tie-in: Some OPs require tls_client_auth at the token endpoint per OIDC/OAuth specifications. That is enabled via auth_scheme: :tls_client_auth as shown above.</li>
 </ul>
 
+<h4 id="authentication-schemes-for-the-token-request">Authentication schemes for the token request</h4>
+
 <pre class="code language-ruby"><code class="language-ruby">OAuth2::Client.new(
   id,
   secret,
@@ -1065,9 +1118,7 @@ <h3 id="client-configuration-tips">Client Configuration Tips</h3>
 )
 </code></pre>
 
-<ul>
-  <li>Faraday connection, timeouts, proxy, custom adapter/middleware:</li>
-</ul>
+<h4 id="faraday-connection-timeouts-proxy-custom-adaptermiddleware">Faraday connection, timeouts, proxy, custom adapter/middleware:</h4>
 
 <pre class="code language-ruby"><code class="language-ruby">client = OAuth2::Client.new(
   id,
@@ -1085,9 +1136,50 @@ <h3 id="client-configuration-tips">Client Configuration Tips</h3>
 end
 </code></pre>
 
-<ul>
-  <li>Redirection: The library follows up to <code>max_redirects</code> (default 5). You can override per-client via <code>options[:max_redirects]</code>.</li>
-</ul>
+<h5 id="using-flat-query-params-faradayflatparamsencoder">Using flat query params (Faraday::FlatParamsEncoder)</h5>
+
+<p>Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests.</p>
+
+<pre class="code language-ruby"><code class="language-ruby">require &quot;faraday&quot;
+
+client = OAuth2::Client.new(
+  id,
+  secret,
+  site: &quot;https://api.example.com&quot;,
+  # Pass Faraday connection options to make FlatParamsEncoder the default
+  connection_opts: {
+    request: {params_encoder: Faraday::FlatParamsEncoder},
+  },
+) do |faraday|
+  faraday.request(:url_encoded)
+  faraday.adapter(:net_http)
+end
+
+access = client.client_credentials.get_token
+
+# Example of a GET with two flat filter params (not an array):
+# Results in: ?filter=order.clientCreatedTime%3E1445006997000&amp;filter=order.clientCreatedTime%3C1445611797000
+resp = access.get(
+  &quot;/v1/orders&quot;,
+  params: {
+    # Provide the values as an array; FlatParamsEncoder expands them as repeated keys
+    filter: [
+      &quot;order.clientCreatedTime&gt;1445006997000&quot;,
+      &quot;order.clientCreatedTime&lt;1445611797000&quot;,
+    ],
+  },
+)
+</code></pre>
+
+<p>If you instead need to build a raw Faraday connection yourself, the equivalent configuration is:</p>
+
+<pre class="code language-ruby"><code class="language-ruby">conn = Faraday.new(&quot;https://api.example.com&quot;, request: {params_encoder: Faraday::FlatParamsEncoder})
+</code></pre>
+
+<h4 id="redirection">Redirection</h4>
+
+<p>The library follows up to <code>max_redirects</code> (default 5).<br>
+You can override per-client via <code>options[:max_redirects]</code>.</p>
 
 <h3 id="handling-responses-and-errors">Handling Responses and Errors</h3>
 
@@ -1376,7 +1468,7 @@ <h3 id="please-give-the-project-a-star--">Please give the project a star ⭐ ♥
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:07 2025 by
+  Generated on Sun Aug 31 04:57:43 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.REEK.html b/docs/file.REEK.html
index 90047ac4..b064d230 100644
--- a/docs/file.REEK.html
+++ b/docs/file.REEK.html
@@ -61,7 +61,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html
index 2b54635d..ee1b3370 100644
--- a/docs/file.RUBOCOP.html
+++ b/docs/file.RUBOCOP.html
@@ -161,7 +161,7 @@ <h2 id="benefits-of-rubocop_gradual">Benefits of rubocop_gradual</h2>
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html
index 5543e445..53ad1d22 100644
--- a/docs/file.SECURITY.html
+++ b/docs/file.SECURITY.html
@@ -113,7 +113,7 @@ <h2 id="enterprise-support">Enterprise Support</h2>
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.access_token.html b/docs/file.access_token.html
index f5c107c0..e947e9b5 100644
--- a/docs/file.access_token.html
+++ b/docs/file.access_token.html
@@ -84,7 +84,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html
index 92e43342..b55ae39b 100644
--- a/docs/file.authenticator.html
+++ b/docs/file.authenticator.html
@@ -81,7 +81,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.client.html b/docs/file.client.html
index 54a8ee04..0b92d6ca 100644
--- a/docs/file.client.html
+++ b/docs/file.client.html
@@ -111,7 +111,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.error.html b/docs/file.error.html
index a67057bf..8548b09b 100644
--- a/docs/file.error.html
+++ b/docs/file.error.html
@@ -68,7 +68,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html
index 321800fb..83557a79 100644
--- a/docs/file.filtered_attributes.html
+++ b/docs/file.filtered_attributes.html
@@ -66,7 +66,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html
index f2067f05..2ffc9eda 100644
--- a/docs/file.oauth2-2.0.10.gem.html
+++ b/docs/file.oauth2-2.0.10.gem.html
@@ -61,7 +61,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html
index 0de82d22..da2c6757 100644
--- a/docs/file.oauth2-2.0.11.gem.html
+++ b/docs/file.oauth2-2.0.11.gem.html
@@ -61,7 +61,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html
index a68ef53b..340caa14 100644
--- a/docs/file.oauth2-2.0.12.gem.html
+++ b/docs/file.oauth2-2.0.12.gem.html
@@ -61,7 +61,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html
index b709b725..d18bc2e8 100644
--- a/docs/file.oauth2-2.0.13.gem.html
+++ b/docs/file.oauth2-2.0.13.gem.html
@@ -61,7 +61,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html
index 13aa7462..4f8019ea 100644
--- a/docs/file.oauth2.html
+++ b/docs/file.oauth2.html
@@ -69,7 +69,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.response.html b/docs/file.response.html
index 4d995be8..e148314f 100644
--- a/docs/file.response.html
+++ b/docs/file.response.html
@@ -77,7 +77,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.strategy.html b/docs/file.strategy.html
index 4a213119..1bda5575 100644
--- a/docs/file.strategy.html
+++ b/docs/file.strategy.html
@@ -93,7 +93,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.version.html b/docs/file.version.html
index 40991e29..59dd25c8 100644
--- a/docs/file.version.html
+++ b/docs/file.version.html
@@ -65,7 +65,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/index.html b/docs/index.html
index d06c59d7..9230e816 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -1053,10 +1053,63 @@ <h3 id="token-revocation-rfc-7009">Token Revocation (RFC 7009)</h3>
 
 <h3 id="client-configuration-tips">Client Configuration Tips</h3>
 
+<h4 id="mutual-tls-mtls-client-authentication">Mutual TLS (mTLS) client authentication</h4>
+
+<p>Some providers require OAuth requests (including the token request and subsequent API calls) to be sender‑constrained using mutual TLS (mTLS). With this gem, you enable mTLS by providing a client certificate/private key to Faraday via connection_opts.ssl and, if your provider requires it for client authentication, selecting the tls_client_auth auth_scheme.</p>
+
+<p>Example using PEM files (certificate and key):</p>
+
+<pre class="code language-ruby"><code class="language-ruby">require &quot;oauth2&quot;
+require &quot;openssl&quot;
+
+client = OAuth2::Client.new(
+  ENV.fetch(&quot;CLIENT_ID&quot;),
+  ENV.fetch(&quot;CLIENT_SECRET&quot;),
+  site: &quot;https://example.com&quot;,
+  authorize_url: &quot;/oauth/authorize/&quot;,
+  token_url: &quot;/oauth/token/&quot;,
+  auth_scheme: :tls_client_auth, # if your AS requires mTLS-based client authentication
+  connection_opts: {
+    ssl: {
+      client_cert: OpenSSL::X509::Certificate.new(File.read(&quot;localhost.pem&quot;)),
+      client_key: OpenSSL::PKey::RSA.new(File.read(&quot;localhost-key.pem&quot;)),
+      # Optional extras, uncomment as needed:
+      # ca_file: &quot;/path/to/ca-bundle.pem&quot;,   # custom CA(s)
+      # verify: true                           # enable server cert verification (recommended)
+    },
+  },
+)
+
+# Example token request (any grant type can be used). The mTLS handshake
+# will occur automatically on HTTPS calls using the configured cert/key.
+access = client.client_credentials.get_token
+
+# Subsequent resource requests will also use mTLS on HTTPS endpoints of `site`:
+resp = access.get(&quot;/v1/protected&quot;)
+</code></pre>
+
+<p>Notes:</p>
 <ul>
-  <li>Authentication schemes for the token request:</li>
+  <li>Files must contain the appropriate PEMs. The private key may be encrypted; if so, pass a password to OpenSSL::PKey::RSA.new(File.read(path), ENV[“KEY_PASSWORD”]).</li>
+  <li>If your certificate and key are in a PKCS#12/PFX bundle, you can load them like:
+    <ul>
+      <li>p12 = OpenSSL::PKCS12.new(File.read(“client.p12”), ENV[“P12_PASSWORD”])</li>
+      <li>client_cert = p12.certificate; client_key = p12.key</li>
+    </ul>
+  </li>
+  <li>Server trust:
+    <ul>
+      <li>If your environment does not have system CAs, specify ca_file or ca_path inside the ssl: hash.</li>
+      <li>Keep verify: true in production. Set verify: false only for local testing.</li>
+    </ul>
+  </li>
+  <li>Faraday adapter: Any adapter that supports Ruby’s OpenSSL should work. net_http (default) and net_http_persistent are common choices.</li>
+  <li>Scope of mTLS: The SSL client cert is applied to any HTTPS request made by this client (token and resource requests) to the configured site base URL (and absolute URLs you call with the same client).</li>
+  <li>OIDC tie-in: Some OPs require tls_client_auth at the token endpoint per OIDC/OAuth specifications. That is enabled via auth_scheme: :tls_client_auth as shown above.</li>
 </ul>
 
+<h4 id="authentication-schemes-for-the-token-request">Authentication schemes for the token request</h4>
+
 <pre class="code language-ruby"><code class="language-ruby">OAuth2::Client.new(
   id,
   secret,
@@ -1065,9 +1118,7 @@ <h3 id="client-configuration-tips">Client Configuration Tips</h3>
 )
 </code></pre>
 
-<ul>
-  <li>Faraday connection, timeouts, proxy, custom adapter/middleware:</li>
-</ul>
+<h4 id="faraday-connection-timeouts-proxy-custom-adaptermiddleware">Faraday connection, timeouts, proxy, custom adapter/middleware:</h4>
 
 <pre class="code language-ruby"><code class="language-ruby">client = OAuth2::Client.new(
   id,
@@ -1085,9 +1136,50 @@ <h3 id="client-configuration-tips">Client Configuration Tips</h3>
 end
 </code></pre>
 
-<ul>
-  <li>Redirection: The library follows up to <code>max_redirects</code> (default 5). You can override per-client via <code>options[:max_redirects]</code>.</li>
-</ul>
+<h5 id="using-flat-query-params-faradayflatparamsencoder">Using flat query params (Faraday::FlatParamsEncoder)</h5>
+
+<p>Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests.</p>
+
+<pre class="code language-ruby"><code class="language-ruby">require &quot;faraday&quot;
+
+client = OAuth2::Client.new(
+  id,
+  secret,
+  site: &quot;https://api.example.com&quot;,
+  # Pass Faraday connection options to make FlatParamsEncoder the default
+  connection_opts: {
+    request: {params_encoder: Faraday::FlatParamsEncoder},
+  },
+) do |faraday|
+  faraday.request(:url_encoded)
+  faraday.adapter(:net_http)
+end
+
+access = client.client_credentials.get_token
+
+# Example of a GET with two flat filter params (not an array):
+# Results in: ?filter=order.clientCreatedTime%3E1445006997000&amp;filter=order.clientCreatedTime%3C1445611797000
+resp = access.get(
+  &quot;/v1/orders&quot;,
+  params: {
+    # Provide the values as an array; FlatParamsEncoder expands them as repeated keys
+    filter: [
+      &quot;order.clientCreatedTime&gt;1445006997000&quot;,
+      &quot;order.clientCreatedTime&lt;1445611797000&quot;,
+    ],
+  },
+)
+</code></pre>
+
+<p>If you instead need to build a raw Faraday connection yourself, the equivalent configuration is:</p>
+
+<pre class="code language-ruby"><code class="language-ruby">conn = Faraday.new(&quot;https://api.example.com&quot;, request: {params_encoder: Faraday::FlatParamsEncoder})
+</code></pre>
+
+<h4 id="redirection">Redirection</h4>
+
+<p>The library follows up to <code>max_redirects</code> (default 5).<br>
+You can override per-client via <code>options[:max_redirects]</code>.</p>
 
 <h3 id="handling-responses-and-errors">Handling Responses and Errors</h3>
 
@@ -1376,7 +1468,7 @@ <h3 id="please-give-the-project-a-star--">Please give the project a star ⭐ ♥
 </div></div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:07 2025 by
+  Generated on Sun Aug 31 04:57:43 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html
index e19df3d2..804b5068 100644
--- a/docs/top-level-namespace.html
+++ b/docs/top-level-namespace.html
@@ -100,7 +100,7 @@ <h2>Defined Under Namespace</h2>
 </div>
 
       <div id="footer">
-  Generated on Sun Aug 31 04:29:08 2025 by
+  Generated on Sun Aug 31 04:57:44 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb
index 31590250..741e7568 100644
--- a/spec/oauth2/client_spec.rb
+++ b/spec/oauth2/client_spec.rb
@@ -1339,6 +1339,37 @@ def self.contains_token?(hash)
     end
   end
 
+  context "when using Faraday::FlatParamsEncoder" do
+    before do
+      skip("Faraday::FlatParamsEncoder not available in this Faraday version") unless defined?(Faraday::FlatParamsEncoder)
+    end
+
+    it "does not discard repeated params and encodes them as flat keys" do
+      client = stubbed_client(connection_opts: {request: {params_encoder: Faraday::FlatParamsEncoder}}) do |stub|
+        stub.get("/v1/orders") do |env|
+          # Query string should contain two repeated filter keys with encoded operators
+          qs = env.url.query.to_s
+          expect(qs).to include("filter=order.clientCreatedTime%3E1445006997000")
+          expect(qs).to include("filter=order.clientCreatedTime%3C1445611797000")
+          # Ensure both occurrences exist (not collapsed)
+          expect(qs.scan(/\bfilter=/).size).to be >= 2
+          [200, {"Content-Type" => "application/json"}, JSON.dump({ok: true})]
+        end
+      end
+
+      token = OAuth2::AccessToken.new(client, "token123")
+      token.get(
+        "/v1/orders",
+        params: {
+          filter: [
+            "order.clientCreatedTime>1445006997000",
+            "order.clientCreatedTime<1445611797000",
+          ],
+        },
+      )
+    end
+  end
+
   def stubbed_client(params = {}, &stubs)
     params = {site: "https://api.example.com"}.merge(params)
     OAuth2::Client.new("abc", "def", params) do |builder|