Skip to main content
We publish frequent updates to our documentation, and translation of this page may still be in progress. For the most current information, please visit the English documentation.

This version of GitHub Enterprise was discontinued on 2023-03-15. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Troubleshooting OAuth app access token request errors

When exchanging a code for an access token, there are an additional set of errors that can occur. The format of these responses is determined by the accept header you pass.

Note: These examples only show JSON responses.

Incorrect client credentials

If the client_id and or client_secret you pass are incorrect you will receive this error response.

{
  "error": "incorrect_client_credentials",
  "error_description": "The client_id and/or client_secret passed are incorrect.",
  "error_uri": "/apps/managing-oauth-apps/troubleshooting-oauth-app-access-token-request-errors/#incorrect-client-credentials"
}

To solve this error, make sure you have the correct credentials for your OAuth app. Double check the client_id and client_secret to make sure they are correct and being passed correctly to GitHub Enterprise Server.

Redirect URI mismatch

If you provide a redirect_uri that doesn't match what you've registered with your OAuth app, you'll receive this error message:

{
  "error": "redirect_uri_mismatch",
  "error_description": "The redirect_uri MUST match the registered callback URL for this application.",
  "error_uri": "/apps/managing-oauth-apps/troubleshooting-authorization-request-errors/#redirect-uri-mismatch2"
}

To correct this error, either provide a redirect_uri that matches what you registered or leave out this parameter to use the default one registered with your application.

Bad verification code

{
  "add_scopes": [
    "repo"
  ],
  "note": "admin script"
}

If the verification code you pass is incorrect, expired, or doesn't match what you received in the first request for authorization you will receive this error.

{
  "error": "bad_verification_code",
  "error_description": "The code passed is incorrect or expired.",
  "error_uri": "/apps/managing-oauth-apps/troubleshooting-oauth-app-access-token-request-errors/#bad-verification-code"
}

To solve this error, start the OAuth authorization process again and get a new code.