diff --git a/pom.xml b/pom.xml
index c22254d13..8382efff4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -38,16 +38,17 @@
 		<cryptomator.webdav.version>1.2.7</cryptomator.webdav.version>
 
 		<!-- 3rd party dependencies -->
-		<javafx.version>18.0.1</javafx.version>
 		<commons-lang3.version>3.12.0</commons-lang3.version>
-		<jwt.version>3.19.2</jwt.version>
+		<dagger.version>2.41</dagger.version>
 		<easybind.version>2.2</easybind.version>
 		<guava.version>31.1-jre</guava.version>
-		<dagger.version>2.41</dagger.version>
 		<gson.version>2.9.0</gson.version>
-		<zxcvbn.version>1.7.0</zxcvbn.version>
-		<slf4j.version>1.7.36</slf4j.version>
+		<javafx.version>18.0.1</javafx.version>
+		<jwt.version>3.19.2</jwt.version>
 		<logback.version>1.2.11</logback.version>
+		<slf4j.version>1.7.36</slf4j.version>
+		<tinyoauth2.version>0.5.1</tinyoauth2.version>
+		<zxcvbn.version>1.7.0</zxcvbn.version>
 
 		<!-- test dependencies -->
 		<junit.jupiter.version>5.8.1</junit.jupiter.version>
@@ -143,7 +144,7 @@
 		<dependency>
 			<groupId>io.github.coffeelibs</groupId>
 			<artifactId>tiny-oauth2-client</artifactId>
-			<version>0.2.0</version>
+			<version>${tinyoauth2.version}</version>
 		</dependency>
 		<dependency>
 			<groupId>com.auth0</groupId>
diff --git a/src/main/java/org/cryptomator/ui/keyloading/hub/AuthFlowTask.java b/src/main/java/org/cryptomator/ui/keyloading/hub/AuthFlowTask.java
index 180a51ef0..c65256007 100644
--- a/src/main/java/org/cryptomator/ui/keyloading/hub/AuthFlowTask.java
+++ b/src/main/java/org/cryptomator/ui/keyloading/hub/AuthFlowTask.java
@@ -2,6 +2,8 @@ package org.cryptomator.ui.keyloading.hub;
 
 import com.google.gson.JsonParser;
 import io.github.coffeelibs.tinyoauth2client.AuthFlow;
+import io.github.coffeelibs.tinyoauth2client.TinyOAuth2;
+import io.github.coffeelibs.tinyoauth2client.http.response.Response;
 
 import javafx.concurrent.Task;
 import java.io.IOException;
@@ -28,13 +30,24 @@ class AuthFlowTask extends Task<String> {
 
 	@Override
 	protected String call() throws IOException, InterruptedException {
-		var response = AuthFlow.asClient(hubConfig.clientId) //
-				.withSuccessRedirect(URI.create(hubConfig.authSuccessUrl + "&device=" + authFlowContext.deviceId())) //
-				.withErrorRedirect(URI.create(hubConfig.authErrorUrl + "&device=" + authFlowContext.deviceId())) //
-				.authorize(URI.create(hubConfig.authEndpoint), redirectUriConsumer) //
-				.getAccessToken(URI.create(hubConfig.tokenEndpoint));
-		var json = JsonParser.parseString(response);
+		var response = TinyOAuth2.client(hubConfig.clientId) //
+				.withTokenEndpoint(URI.create(hubConfig.tokenEndpoint)) //
+				.authFlow(URI.create(hubConfig.authEndpoint)) //
+				.setSuccessResponse(Response.redirect(URI.create(hubConfig.authSuccessUrl + "&device=" + authFlowContext.deviceId()))) //
+				.setErrorResponse(Response.redirect(URI.create(hubConfig.authErrorUrl + "&device=" + authFlowContext.deviceId()))) //
+				.authorize(redirectUriConsumer);
+		if (response.statusCode() != 200) {
+			throw new NotOkResponseException("Authorization returned status code " + response.statusCode());
+		}
+		var json = JsonParser.parseString(response.body());
 		return json.getAsJsonObject().get("access_token").getAsString();
 	}
 
+	public static class NotOkResponseException extends RuntimeException {
+
+		NotOkResponseException(String msg) {
+			super(msg);
+		}
+	}
+
 }