diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index c825b7b..78ffa13 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -8,7 +8,7 @@ on:
 
 jobs:
   test:
-    runs-on: "ubuntu-latest"
+    runs-on: "ubuntu-22.04"
     strategy:
       matrix:
         include:
diff --git a/setup.cfg b/setup.cfg
index df6742c..6da715e 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -43,7 +43,7 @@ packages =
     fastapi_oauth2
 install_requires =
     fastapi>=0.68.1
-    httpx>=0.23.0
+    httpx>=0.23.0,<=0.27.2
     oauthlib>=3.2.2
     python-jose>=3.3.0
     social-auth-core>=4.4.2
diff --git a/src/fastapi_oauth2/core.py b/src/fastapi_oauth2/core.py
index 9f27ed3..62b4cc7 100644
--- a/src/fastapi_oauth2/core.py
+++ b/src/fastapi_oauth2/core.py
@@ -125,8 +125,11 @@ async def token_data(self, request: Request, **httpx_client_args) -> dict:
         async with httpx.AsyncClient(auth=auth, **httpx_client_args) as session:
             try:
                 response = await session.post(token_url, headers=headers, content=content)
-                if response.status_code == 401:
-                    content = re.sub(r"client_id=[^&]+", "", content)
+                if response.is_error:
+                    if response.status_code == 401:
+                        content = re.sub(r"client_id=[^&]+", "", content)
+                    elif response.status_code == 400:
+                        content = re.sub(r"client_secret=[^&]+", "", content)
                     response = await session.post(token_url, headers=headers, content=content)
                 self._oauth_client.parse_request_body_response(json.dumps(response.json()))
                 return self.standardize(self.backend.user_data(self.access_token))