diff --git a/CHANGELOG.md b/CHANGELOG.md
index f392aeb..a2c451c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+UNRELEASED
+-----
+- BREAKING: Bump `oauth2` dependency to v2.0
+
 0.17.1
 ------
 - Some internal cleanup
diff --git a/fitbit_api.gemspec b/fitbit_api.gemspec
index dba50df..19795fd 100644
--- a/fitbit_api.gemspec
+++ b/fitbit_api.gemspec
@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 1.9.3'
 
-  spec.add_runtime_dependency     'oauth2', '~> 1.0'
+  spec.add_runtime_dependency     'oauth2', '~> 2.0'
 
   spec.add_development_dependency 'rake', '~> 13.0'
   spec.add_development_dependency 'rspec', '~> 3.12'
diff --git a/lib/fitbit_api/client.rb b/lib/fitbit_api/client.rb
index 139cbb4..e41f3b6 100644
--- a/lib/fitbit_api/client.rb
+++ b/lib/fitbit_api/client.rb
@@ -72,7 +72,7 @@ def revoke_token!
       headers = default_request_headers.merge(auth_headers)
       response = token.post('oauth2/revoke', { headers: headers, body: body }).response
 
-      process_keys!(MultiJson.load(response.body))
+      process_keys!(JSON.parse(response.body))
     end
 
     # Performs an authorized GET request to the configured API namespace.
@@ -173,7 +173,7 @@ def request(verb, path, opts = {}, &block)
       refresh_token! if auto_refresh_token && token.expired?
 
       response = token.public_send(verb, request_path, request_options, &block).response
-      response_body = MultiJson.load(response.body) unless response.status == 204
+      response_body = JSON.parse(response.body) unless response.status == 204
 
       process_keys!(response_body)
     end