diff --git a/src/requirements/production.txt b/src/requirements/production.txt
index 436e1180d5..b3407c391a 100644
--- a/src/requirements/production.txt
+++ b/src/requirements/production.txt
@@ -39,7 +39,7 @@ django-hijack>=2.1.10,<2.2.0
 jsonschema
 openpyxl
 django-oauth-toolkit==1.2.*
-oauthlib==2.1.*
+oauthlib==3.1.*
 django-jsonfallback>=2.1.2
 psycopg2-binary
 # Stripe
@@ -63,4 +63,4 @@ redis==3.2.*
 django-phonenumber-field==3.0.*
 phonenumberslite==8.10.*
 python-bidi==0.4.*  # Support for arabic in reportlab
-arabic-reshaper==2.0.15  # Support for Aabic in reportlab
\ No newline at end of file
+arabic-reshaper==2.0.15  # Support for Aabic in reportlab
diff --git a/src/setup.py b/src/setup.py
index 77267f2066..fc8bb50fa6 100644
--- a/src/setup.py
+++ b/src/setup.py
@@ -145,7 +145,7 @@ setup(
         'django-hijack>=2.1.10,<2.2.0',
         'openpyxl',
         'django-oauth-toolkit==1.2.*',
-        'oauthlib==2.1.*',
+        'oauthlib==3.1.*',
         'urllib3==1.24.*',  # required by current requests
         'django-phonenumber-field==3.0.*',
         'phonenumberslite==8.10.*',
diff --git a/src/tests/api/test_oauth.py b/src/tests/api/test_oauth.py
index 32d9bbfbc1..272c9a685d 100644
--- a/src/tests/api/test_oauth.py
+++ b/src/tests/api/test_oauth.py
@@ -478,7 +478,7 @@ def test_token_revoke_refresh_token(client, admin_user, organizer, application:
         'grant_type': 'refresh_token',
     }, HTTP_AUTHORIZATION='Basic ' + base64.b64encode(
         ('%s:%s' % (application.client_id, application.client_secret)).encode()).decode())
-    assert resp.status_code == 401
+    assert resp.status_code == 400
 
 
 @pytest.mark.django_db
@@ -573,4 +573,4 @@ def test_user_revoke(client, admin_user, organizer, application: OAuthApplicatio
         'grant_type': 'refresh_token',
     }, HTTP_AUTHORIZATION='Basic ' + base64.b64encode(
         ('%s:%s' % (application.client_id, application.client_secret)).encode()).decode())
-    assert resp.status_code == 401
+    assert resp.status_code == 400