diff --git a/app/controllers/api/openid_connect/authorizations_controller.rb b/app/controllers/api/openid_connect/authorizations_controller.rb
index 0c7eb78a2..08e3c110f 100644
--- a/app/controllers/api/openid_connect/authorizations_controller.rb
+++ b/app/controllers/api/openid_connect/authorizations_controller.rb
@@ -9,7 +9,7 @@ module Api
 rescue_from OpenSSL::SSL::SSLError do |e|
 logger.info e.backtrace[0, 10].join("\n")
- handle_params_error("ssl_error", e.message)
+ handle_params_error("bad_request", e.message)
 end
 before_action :auth_user_unless_prompt_none!
diff --git a/app/controllers/api/openid_connect/token_endpoint_controller.rb b/app/controllers/api/openid_connect/token_endpoint_controller.rb
index cfa06638f..c8ebf5b64 100644
--- a/app/controllers/api/openid_connect/token_endpoint_controller.rb
+++ b/app/controllers/api/openid_connect/token_endpoint_controller.rb
@@ -26,8 +26,7 @@ module Api
 def fetch_public_key(o_auth_app, jwt)
 public_key = fetch_public_key_from_json(o_auth_app.jwks, jwt)
 if public_key.empty? && o_auth_app.jwks_uri
- uri = URI.parse(o_auth_app.jwks_uri)
- response = Net::HTTP.get_response(uri)
+ response = Faraday.get(o_auth_app.jwks_uri)
 public_key = fetch_public_key_from_json(response.body, jwt)
 end
 raise Rack::OAuth2::Server::Authorize::BadRequest(:unauthorized_client) if public_key.empty?
diff --git a/app/models/api/openid_connect/authorization.rb b/app/models/api/openid_connect/authorization.rb
index ea73cfb79..dfb6a3e9a 100644
--- a/app/models/api/openid_connect/authorization.rb
+++ b/app/models/api/openid_connect/authorization.rb
@@ -67,8 +67,7 @@ module Api
 auth.destroy
 nil
 else
- auth.code_used = true
- auth.save
+ auth.update!(code_used: true)
 auth
 end
 end
diff --git a/app/models/api/openid_connect/o_auth_application.rb b/app/models/api/openid_connect/o_auth_application.rb
index e42b7fb51..57d5fe27f 100644
--- a/app/models/api/openid_connect/o_auth_application.rb
+++ b/app/models/api/openid_connect/o_auth_application.rb
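Review bot: With the HTTP fetches in this commit moved to Faraday, a TLS failure during those fetches reaches the controller as `Faraday::SSLError` (Faraday's Net::HTTP adapter re-raises the underlying `OpenSSL::SSL::SSLError` wrapped) and other transport failures as `Faraday::Error::ConnectionFailed`, so this `rescue_from OpenSSL::SSL::SSLError` will no longer fire if it was meant to guard those paths; confirm which calls it covers and, if so, widen it to `rescue_from Faraday::SSLError, OpenSSL::SSL::SSLError do |e|`. Separately, `e.message` is forwarded unchanged as the error description sent to the OAuth client; a library-internal TLS failure string is of no use to the client and can name the upstream host, so a fixed description such as `"Could not fetch client metadata"` with the detail kept in the existing log line would be safer. The enclosing controller class continues outside the hunk.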
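Review bot: `response = Faraday.get(o_auth_app.jwks_uri)` never checks the response status, so a 404 or 5xx body is handed to `fetch_public_key_from_json` as though it were a JWKS document; the two o_auth_application.rb hunks (`check_sector_identifier_uri` and the `jwks_uri` branch) have the same gap. The smallest fix here is `public_key = fetch_public_key_from_json(response.body, jwt) if response.success?`, which lets the existing empty-key raise handle the failure. Transport failures (`Faraday::Error::ConnectionFailed`, `Faraday::SSLError`, timeouts) are not rescued either and `Faraday.get` runs with the adapter's default timeouts, so an unreachable or slow jwks_uri, a URL supplied at client registration, propagates as a 500 from the token endpoint; a short explicit timeout and a rescue mapping those errors to the same invalid-client response would keep that path predictable. The raise on the last context line invokes `Rack::OAuth2::Server::Authorize::BadRequest(...)` as a method, while rack-oauth2 defines `BadRequest` as a class (with `Rack::OAuth2::Server::Token::BadRequest` as the token-endpoint variant); please confirm this line raises the intended error rather than `NoMethodError`, since the spec hunks in this commit only stub 200 responses.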
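Review bot: `auth.update!(code_used: true)` consumes the authorization code in a statement separate from whatever read decided it was still unused, so two concurrent token requests presenting the same code can both reach this branch before either write lands and both get `auth` back (the condition and the method's start are outside the hunk, so the lookup may already lock the row; confirm). A single conditional write closes that window: `consumed = auth.class.where(id: auth.id, code_used: false).update_all(code_used: true) == 1`, returning `auth` only when `consumed` is true and otherwise taking the same path as the `auth.destroy` branch. Note also that `update!` raises `ActiveRecord::RecordInvalid` where `save` silently returned false, so a caller that does not rescue it will now answer a validation failure with a 500.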
@@ -50,8 +50,7 @@ module Api
 def check_sector_identifier_uri(attributes)
 sector_identifier_uri = attributes[:sector_identifier_uri]
 return unless sector_identifier_uri
- uri = URI.parse(sector_identifier_uri)
- response = Net::HTTP.get_response(uri)
+ response = Faraday.get(sector_identifier_uri)
 sector_identifier_uri_json = JSON.parse(response.body)
 redirect_uris = attributes[:redirect_uris]
 sector_identifier_uri_includes_redirect_uris = (redirect_uris - sector_identifier_uri_json).empty?
@@ -80,8 +79,7 @@ module Api
 if key == :subject_type
 attr[:ppid] = (value == "pairwise")
 elsif key == :jwks_uri
- uri = URI.parse(value)
- response = Net::HTTP.get_response(uri)
+ response = Faraday.get(value)
 attr[:jwks] = response.body
 attr[:jwks_uri] = value
 elsif key == :jwks
diff --git a/lib/api/openid_connect/error/invalid_sector_identifier_uri.rb b/lib/api/openid_connect/error.rb
similarity index 60%
rename from lib/api/openid_connect/error/invalid_sector_identifier_uri.rb
rename to lib/api/openid_connect/error.rb
index 2431e1445..56059ad59 100644
--- a/lib/api/openid_connect/error/invalid_sector_identifier_uri.rb
+++ b/lib/api/openid_connect/error.rb
@@ -1,6 +1,11 @@
 module Api
 module OpenidConnect
 module Error
+ class InvalidRedirectUri < ::ArgumentError
+ def initialize
+ super "Redirect uri contains fragment"
+ end
+ end
 class InvalidSectorIdentifierUri < ::ArgumentError
 def initialize
 super "Invalid sector identifier uri"
diff --git a/lib/api/openid_connect/error/invalid_redirect_uri.rb b/lib/api/openid_connect/error/invalid_redirect_uri.rb
deleted file mode 100644
index 2cb5e3894..000000000
--- a/lib/api/openid_connect/error/invalid_redirect_uri.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-module Api
- module OpenidConnect
- module Error
- class InvalidRedirectUri < ::ArgumentError
- def initialize
- super "Redirect uri contains fragment"
- end
- end
- end
- end
-end
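Review bot: `JSON.parse(response.body)` on the line after the new `Faraday.get` is assumed to yield an Array, but a document that parses to a Hash, String or number makes `redirect_uris - sector_identifier_uri_json` raise `TypeError` instead of the `InvalidSectorIdentifierUri` error this check is built around; test `sector_identifier_uri_json.is_a?(Array)` (or rescue `JSON::ParserError` and `TypeError` together) before the subtraction. The URI comes from registration input and is fetched server-side with no scheme check; OpenID Connect Dynamic Client Registration requires `sector_identifier_uri` to be an https URL, so verifying `URI.parse(sector_identifier_uri).is_a?(URI::HTTPS)` before the fetch both satisfies the spec and keeps the server from retrieving plain-http or non-web endpoints on a client's behalf. The remaining checks of this method continue past the end of the hunk.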
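Review bot: `attr[:jwks] = response.body` persists whatever the fetch returned without confirming it is a JSON document with a `keys` array, so an error page or HTML body is stored as the client's JWKS and the problem only surfaces later when the token endpoint tries to read a key from it. Parse it at registration time, `JSON.parse(response.body).fetch("keys")` inside a rescue that turns `JSON::ParserError` and `KeyError` into a registration error, and assign `attr[:jwks]` only when that succeeds. The enclosing method starts and ends outside the hunk.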
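Review bot: Neither error class says when it is raised, and now that the file holds both, a one-line header per class would help a reader arriving from a `rescue`; for example above `class InvalidRedirectUri`: `# Raised at client registration when a redirect_uri carries a fragment, which RFC 6749 section 3.1.2 forbids`, and above `class InvalidSectorIdentifierUri`: `# Raised at client registration when the sector_identifier_uri document does not cover the registered redirect_uris`. Both messages are fixed strings, so a log line cannot say which URI was rejected; an optional argument such as `def initialize(uri = nil)` folded into the `super` message would make the log actionable while keeping existing no-argument callers working.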
diff --git a/spec/controllers/api/openid_connect/clients_controller_spec.rb b/spec/controllers/api/openid_connect/clients_controller_spec.rb
index a67f7f61f..1849f2c8a 100644
--- a/spec/controllers/api/openid_connect/clients_controller_spec.rb
+++ b/spec/controllers/api/openid_connect/clients_controller_spec.rb
@@ -5,8 +5,8 @@ describe Api::OpenidConnect::ClientsController, type: :controller do
 context "when valid parameters are passed" do
 it "should return a client id" do
 stub_request(:get, "http://example.com/uris")
- .with(headers: {:Accept => "*/*", :"Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
- :Host => "example.com", :"User-Agent" => "Ruby"})
+ .with(headers: {Accept: "*/*", :"Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
+ :"User-Agent" => "Faraday v0.9.1"})
 .to_return(status: 200, body: "[\"http://localhost\"]", headers: {})
 post :create, redirect_uris: ["http://localhost"], client_name: "diaspora client",
 response_types: [], grant_types: [], application_type: "web", contacts: [],
@@ -22,8 +22,8 @@ describe Api::OpenidConnect::ClientsController, type: :controller do
 context "when valid parameters with jwks is passed" do
 it "should return a client id" do
 stub_request(:get, "http://example.com/uris")
- .with(headers: {:Accept => "*/*", :"Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
- :Host => "example.com", :"User-Agent" => "Ruby"})
+ .with(headers: {Accept: "*/*", :"Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
+ :"User-Agent" => "Faraday v0.9.1"})
 .to_return(status: 200, body: "[\"http://localhost\"]", headers: {})
 post :create, redirect_uris: ["http://localhost"], client_name: "diaspora client",
 response_types: [], grant_types: [], application_type: "web", contacts: [],
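Review bot: Matching `:"User-Agent" => "Faraday v0.9.1"` in each `.with(headers: …)` pins these specs to the exact gem version, so the next Faraday bump fails every stub in this file with an unmatched-request error that says nothing about the controller; the same pattern is in the second hunk here and in the `@@ -80,12 +80,12 @@` hunk. WebMock matches the given headers as a subset, so dropping the `User-Agent` and `Accept-Encoding` keys from the matcher is enough, or if the header must be checked use a pattern such as `:"User-Agent" => /\AFaraday/`; what these tests are about is the body returned for the URL, not the client string.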
@@ -80,12 +80,12 @@ describe Api::OpenidConnect::ClientsController, type: :controller do
 context "when valid parameters with jwks_uri is passed" do
 it "should return a client id" do
 stub_request(:get, "http://example.com/uris")
- .with(headers: {:Accept => "*/*", :"Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
- :Host => "example.com", :"User-Agent" => "Ruby"})
+ .with(headers: {Accept: "*/*", :"Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
+ :"User-Agent" => "Faraday v0.9.1"})
 .to_return(status: 200, body: "[\"http://localhost\"]", headers: {})
 stub_request(:get, "https://kentshikama.com/api/openid_connect/jwks.json")
- .with(headers: {:Accept => "*/*", :"Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
- :Host => "kentshikama.com", :"User-Agent" => "Ruby"})
+ .with(headers: {Accept: "*/*", :"Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
+ :"User-Agent" => "Faraday v0.9.1"})
 .to_return(status: 200, body: "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"n\":\"qpW\",\"use\":\"sig\"}]}", headers: {})
 post :create, redirect_uris: ["http://localhost"], client_name: "diaspora client",