

Getting "OAuth2::HTTPError: Received HTTP 400 during request" occasionally. #34

mongrelion opened this Issue · 21 comments

10 participants


Hi there o/

I'm using your library for a very light login system using Facebook Connect. Here's the deal:
Sometimes I get an HTTP 400 and it's kinda hard to figure out why this is happening. I've been walking through the OAuth2 library code, looking for the exception that is being thrown, finding this
In the end, it is not crystal clear to me why I'm getting this response from the server, and maybe the URL that your library is sending to it is not well formed, I don't know.

Has this ever happened to you? I hope you can help me.




I am facing the same issue. Was anybody able to solve this: "OAuth2 HttpError Received HTTP 400 during request"? Any clues/pointers?


+1 except I'm getting it on every request. I'm using Oauth2 as part of Omniauth.


Here's what I've discovered: if you pass the code get attribute as part of your callback url (as omniauth was doing) FB will 400 on you. For now I'm just making sure that all get parameters are stripped off before passing the url to Oauth2. I may create a patch once I see what the spec has to say about the issue.


I had the same problem. I had to add

    :access_token_method => :post

to my new client instance.
    :access_token_method => :post,
    :authorize_path => '/oauth2/authorize',
    :access_token_path => '/oauth2/access_token',
    parse_json: true,
    :site => PROVIDER_URL

Also getting this error. Everything works fine when I am working off my local machine, but when I push it to the web for testing, it fails with the 400 on every request. I've tried matthiasjakel's solution, to no avail. Here's what my client instance call looks like:

client =, FACEBOOK_SECRET, {:site => FACEBOOK_API_URL, :access_token_method => :post})

If anyone has any insight, I'd appreciate it.


@kwhitaker does the domain that you've registered with Facebook match your deployed environment? You might also check that the callback URL you're sending matches your originating domain.


@kwhitaker do you get the http 400 on a normal api request or while fetching an access_token?


@rjspotter - I'll double-check the app on the facebook side, but I'm pretty sure the URL is correct.
@matthiasjakel - when I'm trying to fetch an access_token


@rjspotter - yeah, the URL that I'm using for dev is what I'm using on the facebook app side.


That's my line of code where I am connecting to the API to get an access_token. Correct :redirect_uri and set :grant_type?

client.web_server.get_access_token(params[:code], :redirect_uri => APP_URL + APP_CALLBACK_PATH, :grant_type => 'authorization_code')

So, got localhost working again, back to square one when I push it live. It's getting through being authorized on facebook, then pukes when I try my

access_token = client.web_server.get_access_token(params[:code], :redirect_uri => facebook_callback_url)

I've verified that everything is as it should be on the facebook side. Is there a way to catch and display the specific 400 error it returns?


You haven't set the :grant_type. It worked for me.


Seem to have gotten a bit of headway. It's returning an error about not being able to pass client_secret without SSL. Our test server isn't running SSL, is there a way to fake this for development?
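
The causes reported in this thread (a callback URL passed on with its `code` parameter, a callback URL that does not match, a missing `:grant_type`, `client_secret` sent without SSL) can be checked before the token request is made. The Ruby below is an added example, not part of the thread or of the oauth2 gem; the helper names, the parameter list and the `example.test` URLs are assumptions constructed for illustration.

```ruby
require "uri"

# Hypothetical helpers, not part of the oauth2 gem. These are the parameters a
# provider appends to the callback request; they must not reach redirect_uri.
CALLBACK_ONLY_PARAMS = %w[code state error error_description].freeze

# Constructed sample value: the redirect_uri sent with the authorization request.
AUTHORIZE_REDIRECT = "https://app.example.test/auth/facebook/callback"

def query_pairs(url)
  URI.decode_www_form(URI.parse(url).query.to_s)
end

# Strip callback-only parameters (and empty ones, as in "?&code=...") so the
# token request repeats exactly the redirect_uri used for authorization.
def clean_redirect_uri(callback_url)
  uri = URI.parse(callback_url)
  kept = query_pairs(callback_url).reject do |name, _|
    name.empty? || CALLBACK_ONLY_PARAMS.include?(name)
  end
  uri.query = kept.empty? ? nil : URI.encode_www_form(kept)
  uri.to_s
end

# Reasons, taken from the reports in this thread, why a token request is likely
# to be rejected with HTTP 400. An empty array means none of them applies.
def token_request_problems(token_url:, authorize_redirect_uri:, params:)
  redirect = params["redirect_uri"].to_s
  leaked = query_pairs(redirect).map(&:first) & CALLBACK_ONLY_PARAMS
  problems = []
  problems << "token endpoint is not https" unless URI.parse(token_url).scheme == "https"
  problems << "grant_type is missing" if params["grant_type"].to_s.empty?
  problems << "redirect_uri carries callback parameters: #{leaked.join(', ')}" unless leaked.empty?
  if leaked.empty? && redirect != authorize_redirect_uri
    problems << "redirect_uri differs from the authorization request"
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  callback = "#{AUTHORIZE_REDIRECT}?code=constructed-code&state=constructed-state"
  puts clean_redirect_uri(callback)
  puts token_request_problems(
    token_url: "http://graph.example.test/oauth/access_token",
    authorize_redirect_uri: AUTHORIZE_REDIRECT,
    params: { "redirect_uri" => callback }
  )
end
```

Logging the returned list next to the rescued exception makes it easier to tell a client-side request problem from a provider-side rejection.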


I'm trying to post a picture on Facebook using the gem facebook_oath.
And I'm getting the same error. While using simple "message" posting everything goes right, but with a picture everything goes wrong, and error 400 appears.
Do you have any clues? Thanks for any help.


I am using Devise with Omniauth and started getting this same issue (i.e. Facebook returning 400) after upgrading omniauth (0.2.4+), which changes its dependencies to use oauth2 (0.4.1). Has anyone been able to solve this?

The url being generated is:


How are you setting config.omniauth in initializers/devise.rb in dev env for facebook?


Hi Johnam,

I am setting it like such:
config.omniauth :facebook, someAppId, someSecret, :scope => %w(offline_access email)


Do we have to give ssl settings in development?


Update #2. Yes, it may very well be an SSL issue: try this tip:


OK, got SSL working and it seemed fine for a couple of queries, but now I'm getting the same error again, while using SSL.


I am getting the same thing while trying to use the Runkeeper API. It works with my Foursquare credentials, but the Runkeeper API is a no go for now. I've tried both secure and not secure.

Started GET "/oauth_consumers/runkeeper/callback2?&code=0149e4ba4843410fa1203e24b0bf805c" for at Sat Jun 11 00:40:12 -0400 2011
Processing by OauthConsumersController#callback2 as HTML
Parameters: {"code"=>"0149e4ba4843410fa1203e24b0bf805c", "id"=>"runkeeper"}
Completed 500 Internal Server Error in 619ms

OAuth2::HTTPError (Received HTTP 400 during request.):
