diff --git a/Gemfile b/Gemfile
index 31f98d758..6234e45f9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -12,7 +12,7 @@ gem 'thin', '~> 1.3.1', :require => false
 
 gem 'devise', '~> 1.3.1'
 gem 'devise_invitable', '0.5.0'
 gem 'jwt', "0.1.3"
-gem 'oauth2-provider', '0.0.16'
+gem 'oauth2-provider', '0.0.19'
 gem 'omniauth', '1.0.1'
 gem 'omniauth-facebook'
diff --git a/Gemfile.lock b/Gemfile.lock
index 94d575d8f..5311b8e54 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -278,8 +278,8 @@ GEM
     oauth2 (0.5.0)
       faraday (>= 0.6.1, < 0.8)
       multi_json (~> 1.0.0)
-    oauth2-provider (0.0.16)
-      activesupport (~> 3.0.1)
+    oauth2-provider (0.0.19)
+      activesupport (~> 3.0)
       addressable (~> 2.2)
     ohai (0.6.10)
       mixlib-cli
@@ -483,7 +483,7 @@ DEPENDENCIES
   mysql2 (= 0.2.17)
   newrelic_rpm
   nokogiri (~> 1.5.0)
-  oauth2-provider (= 0.0.16)
+  oauth2-provider (= 0.0.19)
   ohai (~> 0.6.10)
   omniauth (= 1.0.1)
   omniauth-facebook
diff --git a/app/controllers/apis_controller.rb b/app/controllers/apis_controller.rb
index b43da81fa..17a5ba71f 100644
--- a/app/controllers/apis_controller.rb
+++ b/app/controllers/apis_controller.rb
@@ -4,6 +4,7 @@ class ApisController < ApplicationController
   respond_to :json
 
   def me
+# debugger
     @person = @user.person
     render :json => {
       :birthday => @person.profile.birthday,
diff --git a/app/controllers/authorizations_controller.rb b/app/controllers/authorizations_controller.rb
index 679dc7d47..c8e5bb856 100644
--- a/app/controllers/authorizations_controller.rb
+++ b/app/controllers/authorizations_controller.rb
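Review bot: The `# debugger` line added at the top of `me` in apis_controller.rb is a commented-out debugging leftover sitting at column 0 and should be dropped before merge rather than committed. The same applies, more seriously, to the live `debugger` call added in the authorizations_controller.rb hunk below, which would stop every successful client registration at a breakpoint (or raise when no debugger library is loaded) in whatever environment runs that path. The body of `me` continues past this hunk.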
@@ -53,28 +53,41 @@ class AuthorizationsController < ApplicationController
       render :text => "bad request: #{params.inspect}", :status => 403
       return
     end
-    packaged_manifest = JSON.parse(RestClient.get("#{app_url}manifest.json").body)
-    public_key = OpenSSL::PKey::RSA.new(packaged_manifest['public_key'])
-    manifest = JWT.decode(packaged_manifest['jwt'], public_key)
+
+    packaged_manifest = JSON.parse(RestClient.get("#{app_url}manifest.json").body)
+    public_key = OpenSSL::PKey::RSA.new(packaged_manifest['public_key'])
+    manifest = JWT.decode(packaged_manifest['jwt'], public_key)
 
-    message = verify(signed_string, Base64.decode64(params[:signature]), public_key, manifest)
-    if not (message =='ok')
-      render :text => message, :status => 403
-    elsif manifest["application_base_url"].match(/^https?:\/\/(localhost|chubbi\.es|www\.cubbi\.es|cubbi\.es)(:\d+)?\/$/).nil?
-      # This will only be temporary (less than a month) while we iron out the kinks in Diaspora Connect. Essentially,
-      # whatever we release people will try to work off of and it sucks to build things on top of non-stable things.
-      # We also started writing a gem that we'll release (around the same time) that makes becoming a Diaspora enabled
-      # ruby project a breeze.
+    message = verify(signed_string, Base64.decode64(params[:signature]), public_key, manifest)
+    if not (message =='ok')
+      render :text => message, :status => 403
+    elsif manifest["application_base_url"].match(/^https?:\/\/(localhost|chubbi\.es|www\.cubbi\.es|cubbi\.es)(:\d+)?\/$/).nil?
+      # This will only be temporary (less than a month) while we iron out the kinks in Diaspora Connect. Essentially,
+      # whatever we release people will try to work off of and it sucks to build things on top of non-stable things.
+      # We also started writing a gem that we'll release (around the same time) that makes becoming a Diaspora enabled
+      # ruby project a breeze.
-      render :text => "Domain (#{manifest["application_base_url"]}) currently not authorized for Diaspora OAuth", :status => 403
-    else
-      client = OAuth2::Provider.client_class.create_or_reset_from_manifest!(manifest, public_key)
+      render :text => "Domain (#{manifest["application_base_url"]}) currently not authorized for Diaspora OAuth", :status => 403
+    else
+      client = OAuth2::Provider.client_class.create_or_reset_from_manifest!(manifest, public_key)
 
-      render :json => {:client_id => client.oauth_identifier,
-                       :client_secret => client.oauth_secret,
-                       :expires_in => 0,
-                       :flows_supported => ""}
+      debugger
+      json = {:client_id => client.oauth_identifier,
+              :client_secret => client.oauth_secret,
+              :expires_in => 0,
+              :flows_supported => ""}
+
+      if params[:code]
+        code = client.authorization_codes.claim(params[:code],
+                                                params[:redirect_uri])
+        json.merge!(
+          :access_token => code.access_token,
+          :refresh_token => code.refresh_token
+        )
       end
+
+      render :json => json
+    end
   end
 
   def index
diff --git a/db/migrate/20111207230506_add_oauth_redirect_uri_to_oauth_clients.rb b/db/migrate/20111207230506_add_oauth_redirect_uri_to_oauth_clients.rb
new file mode 100644
index 000000000..e89ed5f8c
--- /dev/null
+++ b/db/migrate/20111207230506_add_oauth_redirect_uri_to_oauth_clients.rb
@@ -0,0 +1,9 @@
+class AddOauthRedirectUriToOauthClients < ActiveRecord::Migration
+  def self.up
+    add_column :oauth_clients, :oauth_redirect_uri, :string
+  end
+
+  def self.down
+    remove_column :oauth_clients, :oauth_redirect_uri
+  end
+end
diff --git a/db/migrate/20111207233503_remove_low_length_limits_from_oauth_tables.rb b/db/migrate/20111207233503_remove_low_length_limits_from_oauth_tables.rb
new file mode 100644
index 000000000..1d3d81e81
--- /dev/null
+++ b/db/migrate/20111207233503_remove_low_length_limits_from_oauth_tables.rb
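Review bot: The result of `client.authorization_codes.claim(params[:code], params[:redirect_uri])` is dereferenced unconditionally on the following lines, so if `claim` returns nil for an unknown, expired or already-used code (its contract is not visible on this page) the action fails with a NoMethodError and a 500 instead of the 403 every other rejection path in this action returns; guard it with `render(:text => "invalid authorization code", :status => 403) and return unless code`. Because this manifest-signed registration response already carries `client_secret`, minting the access and refresh tokens in the same reply deserves a short comment stating why the code is claimed here rather than at the token endpoint, and `params[:redirect_uri]` should be checked against the client's registered redirect URI if `claim` does not do so itself. The re-indented domain check still anchors its regex with `^`/`$`, which match per line in Ruby; `\A`/`\z` would reject a multi-line `application_base_url`. The enclosing action starts before this hunk.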
@@ -0,0 +1,19 @@
+class RemoveLowLengthLimitsFromOauthTables < ActiveRecord::Migration
+  def self.up
+    change_column :oauth_clients, :oauth_identifier, :string, :limit => 127
+    change_column :oauth_clients, :oauth_secret, :string, :limit => 127
+    change_column :oauth_clients, :nonce, :string, :limit => 127
+    change_column :oauth_authorization_codes, :code, :string, :limit => 127
+    change_column :oauth_access_tokens, :access_token, :string, :limit => 127
+    change_column :oauth_access_tokens, :refresh_token, :string, :limit => 127
+  end
+
+  def self.down
+    change_column :oauth_clients, :oauth_identifier, :string, :limit => 32
+    change_column :oauth_clients, :oauth_secret, :string, :limit => 32
+    change_column :oauth_clients, :nonce, :string, :limit => 64
+    change_column :oauth_authorization_codes, :code, :string, :limit => 32
+    change_column :oauth_access_tokens, :access_token, :string, :limit => 32
+    change_column :oauth_access_tokens, :refresh_token, :string, :limit => 32
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 67b994b0e..991f1b7fa 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20111109023618) do
+ActiveRecord::Schema.define(:version => 20111207233503) do
 
   create_table "account_deletions", :force => true do |t|
     t.string "diaspora_handle"
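Review bot: `self.down` shrinks the six columns back to 32 or 64 characters, so once the newer oauth2-provider has stored identifiers, secrets or tokens longer than that, a rollback will either truncate those rows or fail, depending on the database and its strict-mode setting. Either make the down step check for over-long values before narrowing, or document the hazard with a comment such as `# Rollback is lossy: values longer than the old limits are truncated or rejected by the database`. A one-line header comment naming the gem upgrade that requires the 127-character limits would also explain the migration to a future reader.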
@@ -199,17 +199,17 @@ ActiveRecord::Schema.define(:version => 20111109023618) do
   add_index "o_embed_caches", ["url"], :name => "index_o_embed_caches_on_url", :length => {"url"=>255}
 
   create_table "oauth_access_tokens", :force => true do |t|
-    t.integer "authorization_id", :null => false
-    t.string "access_token", :limit => 32, :null => false
-    t.string "refresh_token", :limit => 32
+    t.integer "authorization_id", :null => false
+    t.string "access_token", :limit => 127, :null => false
+    t.string "refresh_token", :limit => 127
     t.datetime "expires_at"
     t.datetime "created_at"
     t.datetime "updated_at"
   end
 
   create_table "oauth_authorization_codes", :force => true do |t|
-    t.integer "authorization_id", :null => false
-    t.string "code", :limit => 32, :null => false
+    t.integer "authorization_id", :null => false
+    t.string "code", :limit => 127, :null => false
     t.datetime "expires_at"
     t.datetime "created_at"
     t.datetime "updated_at"
@@ -231,11 +231,12 @@ ActiveRecord::Schema.define(:version => 20111109023618) do
     t.text "description", :null => false
     t.string "application_base_url", :limit => 127, :null => false
     t.string "icon_url", :limit => 127, :null => false
-    t.string "oauth_identifier", :limit => 32, :null => false
-    t.string "oauth_secret", :limit => 32, :null => false
-    t.string "nonce", :limit => 64
+    t.string "oauth_identifier", :limit => 127, :null => false
+    t.string "oauth_secret", :limit => 127, :null => false
+    t.string "nonce", :limit => 127
     t.text "public_key", :null => false
     t.text "permissions_overview", :null => false
+    t.string "oauth_redirect_uri"
   end
 
   add_index "oauth_clients", ["application_base_url"], :name => "index_oauth_clients_on_application_base_url", :unique => true
@@ -459,6 +460,8 @@ ActiveRecord::Schema.define(:version => 20111109023618) do
     t.string "confirm_email_token", :limit => 30
     t.datetime "locked_at"
     t.boolean "show_community_spotlight_in_stream", :default => true, :null => false
+    t.boolean "auto_follow_back", :default => false
+    t.integer "auto_follow_back_aspect_id"
   end
 
   add_index "users", ["authentication_token"], :name => "index_users_on_authentication_token", :unique => true
diff --git a/spec/chubbies/app.rb b/spec/chubbies/app.rb
index d6f3b3250..130757abb 100644
--- a/spec/chubbies/app.rb
+++ b/spec/chubbies/app.rb
@@ -87,7 +87,7 @@ module Chubbies
         begin
           @resource_response = user.access_token.token.get("/api/v0/me")
           haml :response
-        rescue OAuth2::AccessDenied
+        rescue OAuth2::Error
           "Token invalid"
         end
       else
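Review bot: Rescuing `OAuth2::Error` maps every error the oauth2 client can raise to the single string "Token invalid", so a misconfigured endpoint or a server-side failure on `/api/v0/me` is reported as a bad token when this test app is exercised, which makes spec failures harder to read. Keeping the detail is a two-line change: `rescue OAuth2::Error => e` and `"Token invalid: #{e.message}"`. The widening itself looks intended, presumably because the narrower class is gone in the oauth2 version pinned in Gemfile.lock, but a short comment saying so would save the next reader a lookup. The method enclosing this `begin` block starts before the hunk.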