Access Token Request Error

If the request client authentication failed or is invalid, the authorization server returns an error response. The authorization server responds with an HTTP 400 status code (unless specified otherwise) and includes the following parameters with the response:

Access Token Error Parameter
Parameter Description
error Specifies a single error code returned from the authorization server.

Required.

Refer to table Access Token Request Error Codes for the error codes.

The following table lists the error codes for the error returned for an invalid token request:

Access Token Request Error Codes
Error Code Description
invalid_request
  The request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.
invalid_client
  Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the “Authorization” request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code and include the "WWW-Authenticate" response header field matching the authentication scheme used by the client.
invalid_grant
  The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, and does not match the redirection URI used in the authorization request, or was issued to another client.
unauthorized_client
  The authenticated client is not authorized to use this authorization grant type.
unsupported_grant_type
  The authorization grant type is not supported by the authorization server.
invalid_scope
  The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.
error_description
  Optional. Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred.
error_uri
  Optional. A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.

Access Token Error Example

The following is an example of the error response for an access token request: 

HTTP/1.1 400 Bad Request 

Content-Type: application/json;charset=UTF-8 

Cache-Control: no-store 

Pragma: no-cache 

{ 

"error":"invalid_request" 

}
Contents
Search Results