This version of GitHub Enterprise will be discontinued on 2021-02-11. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Troubleshooting OAuth App access token request errors

When exchanging a code for an access token, there are an additional set of errors that can occur. The format of these responses is determined by the accept header you pass.

In this article

Note: These examples only show JSON responses.

Incorrect client credentials

If the client_id and or client_secret you pass are incorrect you will receive this error response.

{
  "error": "incorrect_client_credentials",
  "error_description": "The client_id and/or client_secret passed are incorrect.",
  "error_uri": "/apps/managing-oauth-apps/troubleshooting-oauth-app-access-token-request-errors/#incorrect-client-credentials"
}

To solve this error, make sure you have the correct credentials for your OAuth App. Double check the client_id and client_secret to make sure they are correct and being passed correctly to GitHub Enterprise Server.

Redirect URI mismatch

If you provide a redirect_uri that doesn't match what you've registered with your OAuth App, you'll receive this error message:

{
  "error": "redirect_uri_mismatch",
  "error_description": "The redirect_uri MUST match the registered callback URL for this application.",
  "error_uri": "/apps/managing-oauth-apps/troubleshooting-authorization-request-errors/#redirect-uri-mismatch2"
}

To correct this error, either provide a redirect_uri that matches what you registered or leave out this parameter to use the default one registered with your application.

Bad verification code

{
  "add_scopes": [
    "repo"
  ],
  "note": "admin script"
}

If the verification code you pass is incorrect, expired, or doesn't match what you received in the first request for authorization you will receive this error.

{
  "error": "bad_verification_code",
  "error_description": "The code passed is incorrect or expired.",
  "error_uri": "/apps/managing-oauth-apps/troubleshooting-oauth-app-access-token-request-errors/#bad-verification-code"
}

To solve this error, start the OAuth authorization process again and get a new code.

Did this doc help you?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.