diff --git a/flask_jwt/__init__.py b/flask_jwt/__init__.py
index f864b78..132a832 100644
--- a/flask_jwt/__init__.py
+++ b/flask_jwt/__init__.py
@@ -112,11 +112,14 @@ def _default_request_handler():
 def _default_auth_request_handler():
 data = request.get_json()
- username = data.get(current_app.config.get('JWT_AUTH_USERNAME_KEY'), None)
- password = data.get(current_app.config.get('JWT_AUTH_PASSWORD_KEY'), None)
- criterion = [username, password, len(data) == 2]
+ if not isinstance(data, dict): # Strings/arrays, or non-JSON mimetype
+ raise JWTError('Bad Request', 'Credentials must be a JSON object')
- if not all(criterion):
+ username = data.get(current_app.config.get('JWT_AUTH_USERNAME_KEY'))
+ password = data.get(current_app.config.get('JWT_AUTH_PASSWORD_KEY'))
+ criteria = [username, password, len(data) == 2]
+
+ if not all(criteria):
 raise JWTError('Bad Request', 'Invalid credentials')
 identity = _jwt.authentication_callback(username, password)
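Review bot: The new `isinstance(data, dict)` guard validates the container but not the two fields, so in `criteria` any truthy JSON value for the username or password (a nested object, an array, a number, `true`) still passes `all(criteria)` and is handed to `_jwt.authentication_callback` as-is. Whether that is harmful depends on the callback, which is not visible here, but a callback that forwards these values into a datastore query or a hash comparison would be receiving types it likely does not expect. I would reject non-strings before the callback, e.g. `if not isinstance(username, str) or not isinstance(password, str): raise JWTError('Bad Request', 'Invalid credentials')` (substituting the project's text type if Python 2 is still supported). The rest of `_default_auth_request_handler` continues past the end of the hunk.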