diff --git a/.env b/.env
index 3a453ab8f..58887a98f 100644
--- a/.env
+++ b/.env
@@ -53,3 +53,5 @@ HOST=http://172.17.0.1:8080
 USE_DECOS_MOCK_DATA=False
 SESSION_COOKIE_AGE=25200
 AXES_ENABLED=False
+BRP_CLIENT_ID = client_id
+BRP_CLIENT_SECRET = client_secret
diff --git a/.gitignore b/.gitignore
index a6d52bd8c..1e6e26ae0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ __pycache__/
 app/.env
 app/.coverage
 private_media/
+.local.env
diff --git a/.local.env.example b/.local.env.example
new file mode 100644
index 000000000..8272b128d
--- /dev/null
+++ b/.local.env.example
@@ -0,0 +1,3 @@
+# Set these in your .local.env file
+BRP_CLIENT_ID=
+BRP_CLIENT_SECRET=
diff --git a/app/apps/addresses/views.py b/app/apps/addresses/views.py
index 5a68d8114..6e4581e49 100644
--- a/app/apps/addresses/views.py
+++ b/app/apps/addresses/views.py
@@ -41,7 +41,7 @@ class AddressViewSet(
 serializer_class = AddressSerializer
 queryset = Address.objects.all()
 lookup_field = "bag_id"
- http_method_names = ["get", "patch"]
+ http_method_names = ["get", "patch", "post"]
 def update(self, request, bag_id, *args, **kwargs):
 address_instance = Address.objects.get(bag_id=bag_id)
@@ -56,7 +56,7 @@ def update(self, request, bag_id, *args, **kwargs):
 @action(
 detail=True,
- methods=["get"],
+ methods=["post"],
 serializer_class=ResidentsSerializer,
 url_path="residents",
 permission_classes=[permissions.CanAccessBRP],
@@ -81,9 +81,9 @@ def residents_by_bag_id(self, request, bag_id):
 # nummeraanduiding_id should have been retrieved, so get BRP data
 if address.nummeraanduiding_id:
 try:
- brp_access_token = request.GET.get("brp_access_token", None)
+ obo_acces_stoken = request.data.get("obo_acces_stoken")
 brp_data, status_code = get_brp_by_nummeraanduiding_id(
- request, address.nummeraanduiding_id, brp_access_token
+ request, address.nummeraanduiding_id, obo_acces_stoken
 )
 serialized_residents = ResidentsSerializer(data=brp_data)
 serialized_residents.is_valid(raise_exception=True)
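Review bot: The two lines added to `.env` put spaces around `=` (`BRP_CLIENT_ID = client_id`), unlike the other entries visible in the hunk such as `AXES_ENABLED=False`. Some env-file parsers keep the space as part of the name or value, or reject the line, so `BRP_CLIENT_ID=client_id` and `BRP_CLIENT_SECRET=client_secret` are the safer spelling. Because this file is tracked, a comment such as `# placeholders only; real values belong in .local.env` above the two lines would help keep a real client secret from being committed here.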
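Review bot: Adding `"post"` to the viewset-wide `http_method_names` in `app/apps/addresses/views.py` (hunk at line 41) allows POST on every route of `AddressViewSet`, not only on the `residents` action. The base classes sit outside the hunk, so whether a create route is inherited cannot be confirmed from here; if one is, it becomes reachable with this change. A comment on the line, e.g. `# "post" is required only by the residents action`, together with a check that no create mixin is in the bases, would make the intended surface explicit.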
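Review bot: `request.data.get("obo_acces_stoken")` in `residents_by_bag_id` (hunk at line 81) yields None when the field is absent, and that None is then forwarded as the `assertion` of the token exchange in `app/utils/api_queries_brp.py`. Rejecting the request with a 400 before the BRP call when the value is missing or not a string would avoid a round trip to the identity provider with an empty assertion. The name also looks like a typo of `obo_access_token`; since it is now the request-body key it becomes part of the API contract, and the same spelling recurs in the `get_brp_by_nummeraanduiding_id`, `get_brp` and `get_brp_access_token` signatures. The function body starts and ends outside the hunk.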
diff --git a/app/config/settings.py b/app/config/settings.py
index c3b961604..4a172ca6b 100644
--- a/app/config/settings.py
+++ b/app/config/settings.py
@@ -365,6 +365,8 @@ def filter_traces(envelope):
 ]
 )
+BRP_CLIENT_ID = os.getenv("BRP_CLIENT_ID", "BRP_CLIENT_ID")
+BRP_CLIENT_SECRET = os.getenv("BRP_CLIENT_SECRET", "BRP_CLIENT_SECRET")
 # Secret keys which can be used to access certain parts of the API
 SECRET_KEY_TOP_ZAKEN = os.getenv("SECRET_KEY_TOP_ZAKEN", None)
 SECRET_KEY_TON_ZAKEN = os.getenv("SECRET_KEY_TON_ZAKEN", None)
diff --git a/app/utils/api_queries_brp.py b/app/utils/api_queries_brp.py
index e19879d2d..9de7661a2 100644
--- a/app/utils/api_queries_brp.py
+++ b/app/utils/api_queries_brp.py
@@ -2,13 +2,13 @@
 import requests
 from django.conf import settings
-from tenacity import after_log, retry, stop_after_attempt
+from tenacity import retry, stop_after_attempt
 from utils.exceptions import MKSPermissionsError
 logger = logging.getLogger(__name__)
-def get_brp_by_nummeraanduiding_id(request, nummeraanduiding_id, brp_access_token):
+def get_brp_by_nummeraanduiding_id(request, nummeraanduiding_id, obo_acces_stoken):
 """Returns BRP data by bag_"""
 queryParams = {
@@ -16,7 +16,7 @@ def get_brp_by_nummeraanduiding_id(request, nummeraanduiding_id, brp_access_toke
 "inclusiefoverledenpersonen": "true",
 "expand": "partners,ouders,kinderen",
 }
- return get_brp(request, queryParams, brp_access_token)
+ return get_brp(queryParams, obo_acces_stoken)
 def get_brp_by_address(request, postal_code, number, suffix, suffix_letter):
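Review bot: `os.getenv("BRP_CLIENT_SECRET", "BRP_CLIENT_SECRET")` in `app/config/settings.py` falls back to a literal placeholder, so a deployment that lacks the variable sends a bogus client secret to the token endpoint instead of failing visibly. The neighbouring `SECRET_KEY_*` settings default to `None`; the same here, `BRP_CLIENT_ID = os.getenv("BRP_CLIENT_ID")` and `BRP_CLIENT_SECRET = os.getenv("BRP_CLIENT_SECRET")`, keeps a misconfiguration detectable. The two lines also land directly above the existing `# Secret keys which can be used to access certain parts of the API` comment without one of their own; something like `# OAuth client credentials for the BRP on-behalf-of token exchange` would separate them.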
@@ -43,12 +43,11 @@ def get_brp_by_address(request, postal_code, number, suffix, suffix_letter): return get_brp(request, queryParams) -@retry(stop=stop_after_attempt(3), after=after_log(logger, logging.ERROR)) -def get_brp(request, queryParams, brp_access_token): +@retry(stop=stop_after_attempt(3)) +def get_brp(queryParams, obo_acces_stoken): """Returns BRP data""" - url = f"{settings.BRP_API_URL}" - + brp_access_token = get_brp_access_token(obo_acces_stoken) response = requests.get( url, params=queryParams, @@ -57,12 +56,29 @@ def get_brp(request, queryParams, brp_access_token): "Authorization": f"Bearer {brp_access_token}", }, ) + print(response.text) if response.status_code == 403: raise MKSPermissionsError() return response.json(), response.status_code +def get_brp_access_token(obo_acces_stoken): + url = settings.OIDC_OP_TOKEN_ENDPOINT + payload = { + "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer", + "client_id": settings.BRP_CLIENT_ID, + "client_secret": settings.BRP_CLIENT_SECRET, + "assertion": obo_acces_stoken, + "scope": f"{settings.BRP_CLIENT_ID}/.default", + "requested_token_use": "on_behalf_of", + } + + response = requests.request("POST", url, data=payload) + print(response.text) + return response.json().get("access_token") + + def get_mock_brp(): return { "message": "mocked data", diff --git a/docker-compose.local.yml b/docker-compose.local.yml index 5b3df1aed..7446beeee 100644 --- a/docker-compose.local.yml +++ b/docker-compose.local.yml @@ -36,6 +36,7 @@ services: - zaak-redis env_file: - .env + - .local.env entrypoint: /app/deploy/docker-entrypoint.development.sh command: python -m debugpy --listen 0.0.0.0:5678 ./manage.py runserver 0.0.0.0:8000 volumes:
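Review bot: The context line `return get_brp(request, queryParams)` in `get_brp_by_address` still uses the old argument order, while this hunk changes the signature to `get_brp(queryParams, obo_acces_stoken)`. As written, that call would pass `request` as the query parameters and the parameter dict as the assertion, so `get_brp_by_address` needs a token argument threaded through to `return get_brp(queryParams, obo_acces_stoken)`, or should be removed if it has no callers. Dropping `after=after_log(logger, logging.ERROR)` also makes the retries silent, and because `get_brp_access_token` is now called inside the retried function, every retry repeats the token exchange with the client secret.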
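Review bot: Both added `print(response.text)` calls in `app/utils/api_queries_brp.py` write sensitive data to stdout: the one in `get_brp` dumps the BRP response body (resident records), and the one in `get_brp_access_token` dumps the token endpoint response, which carries the access token on success. They should be removed, or replaced by a `logger` call that records only the status code. `get_brp_access_token` also sets no timeout and does not check the status, so a failed exchange returns None and `get_brp` then sends `Bearer None`. A version that fails loudly is sketched below; the timeout value is illustrative.

```python
def get_brp_access_token(obo_acces_stoken):
    """Exchange the caller's token for a BRP access token (on-behalf-of grant)."""
    url = settings.OIDC_OP_TOKEN_ENDPOINT
    # … unchanged: payload dict …
    response = requests.post(url, data=payload, timeout=10)  # illustrative timeout
    # Do not log the body: on success it carries the access token.
    response.raise_for_status()
    access_token = response.json().get("access_token")
    if not access_token:
        raise ValueError("token endpoint returned no access_token")
    return access_token
```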