Request to login/oauth/access_token returns error

Hello! I tried virtually everything and it’s not working.

I can successfully get code  and state.

But, when I try to exchange them to access token


request fails with no error message and 406 status code.

likern@likern:~/Breaffy/old-telegram-bot$ curl -v -H "Accept: application/vnd.github.machine-man-preview+json" -X POST ""
* Trying
* Connected to ( port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=Delaware; serialNumber=5157550; C=US; ST=California; L=San Francisco; O=GitHub, Inc.;
* start date: May 8 00:00:00 2018 GMT
* expire date: Jun 3 12:00:00 2020 GMT
* subjectAltName: host "" matched cert's ""
* issuer: C=US; O=DigiCert Inc;; CN=DigiCert SHA2 Extended Validation Server CA
* SSL certificate verify ok.
> POST /login/oauth/access_token?client_id=Iv1.daa70164e608e4a0&client_secret=0a93af098d3d310ceee6b023b99ab1921b0b1076&code=25734a3fe561f0ea6752&state=1d257fb4-448a-4208-b785-76ff7b8f8346 HTTP/1.1
> Host:
> User-Agent: curl/7.58.0
> Accept: application/vnd.github.machine-man-preview+json
< HTTP/1.1 406 Not Acceptable
< Date: Wed, 24 Apr 2019 20:40:41 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Server:
< Status: 406 Not Acceptable
< Vary: X-PJAX
< Cache-Control: no-cache
< Set-Cookie: has_recent_activity=1; path=/; expires=Wed, 24 Apr 2019 21:40:41 -0000
< Set-Cookie: ignored_unsupported_browser_notice=false; path=/
< X-Request-Id: e39c1dfb-531d-4244-83c8-35398dac0197
< Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
< X-Frame-Options: deny
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
< Expect-CT: max-age=2592000, report-uri=""
< Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' wss://; font-src; form-action 'self'; frame-ancestors 'none'; frame-src; img-src 'self' data: *; manifest-src 'self'; media-src 'none'; script-src; style-src 'unsafe-inline'
< X-GitHub-Request-Id: D112:46021:117A699:1A4BB95:5CC0C9C9
* Connection #0 to host left intact

Hi @likern,

Welcome to the Github Community Forum!

I search for some solution and i find this where explain the error code:

It seems that you are not send the right list of acceptable values defined in the request’s proactive content negotiation headers.

Did you follow this guide? ->


Mark helpfull posts with Accept as Solution to help other users locate important info. Don’t forget to give Kudos for great contents!

1 Like

Thank you so much! You really helped me :wink:

I added Accept: ‘application/json’ and this starts working =)


Has anyone contacted support about this?
Why do they have a warning and a “preview” header requirement above the “/login/oauth/access_token” endpoint?

Hi guys, i cant deal with this refreshing access_token with using refresh token.

curl --location --request POST ‘
–header ‘Accept: application/json’
–header ‘Content-Type: application/json’
–data-raw ‘{
“refresh_token”: YOUR_REFRESH_TOKEN,
“client_id”: YOUR_CLIENT_ID,

it returns 400 if content is json if content type is form data or x-www-form-urlencoded service returns this
404 status
“error”: “Not Found”
For any help appreciate!