diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4e3c92c9f..318fe8ba4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ Note: For changes to the API, see https://shopify.dev/changelog?filter=api
 ## Unreleased
 - [#1241](https://github.com/Shopify/shopify-api-ruby/pull/1241) Add `api_host` to `ShopifyAPI::Context.setup`, allowing the API host to be overridden in `ShopifyAPI::Clients::HttpClient`. This context option is intended for internal Shopify use only. 
 - [#1237](https://github.com/Shopify/shopify-api-ruby/pull/1237) Skip mandatory webhook topic registration/unregistrations
+- [#1239](https://github.com/Shopify/shopify-api-ruby/pull/1239) Update `OAuth.validate_auth_callback` to use `ShopifyApi::Clients::HttpClient`.
 
 - [#1205](https://github.com/Shopify/shopify-api-ruby/pull/1205) Fixes invalid typing of ShopifyAPI::DiscountCode#errors.
 ## 13.2.0
diff --git a/lib/shopify_api/auth/oauth.rb b/lib/shopify_api/auth/oauth.rb
index 66bdb6728..8046d7b38 100644
--- a/lib/shopify_api/auth/oauth.rb
+++ b/lib/shopify_api/auth/oauth.rb
@@ -70,15 +70,25 @@ def validate_auth_callback(cookies:, auth_query:)
           raise Errors::InvalidOauthError,
             "Invalid state in OAuth callback." unless state == auth_query.state
 
-          # TODO: replace this call with the HTTP client once it is built
+          null_session = Auth::Session.new(shop: auth_query.shop)
           body = { client_id: Context.api_key, client_secret: Context.api_secret_key, code: auth_query.code }
-          response = HTTParty.post("https://#{auth_query.shop}/admin/oauth/access_token", body: body)
-          unless response.ok?
+
+          client = Clients::HttpClient.new(session: null_session, base_path: "/admin/oauth")
+          response = begin
+            client.request(
+              Clients::HttpRequest.new(
+                http_method: :post,
+                path: "access_token",
+                body: body,
+                body_type: "application/json",
+              ),
+            )
+          rescue ShopifyAPI::Errors::HttpResponseError => e
             raise Errors::RequestAccessTokenError,
-              "Cannot complete OAuth process. Received a #{response.code} error while requesting access token."
+              "Cannot complete OAuth process. Received a #{e.code} error while requesting access token."
           end
-          session_params = response.to_h
 
+          session_params = T.cast(response.body, T::Hash[String, T.untyped]).to_h
           session = create_new_session(session_params, auth_query.shop)
 
           cookie = if Context.embedded?