Error Reference
All authorization and authentication endpoints return standard OAuth 2.0 error payloads when a request fails.
Error Payload Format
Failed requests return an HTTP status code in the 4xx or 5xx range and a JSON body containing the fields error and error_description.
{
  "error": "invalid_client",
  "error_description": "Client authentication failed (e.g. unknown client, no client secrets, or unsupported authentication method)."
}

Error Codes Table
| Error Code | HTTP Status | Meaning |
|---|---|---|
| invalid_request | 400 Bad Request | The request is missing a required parameter, includes an unsupported parameter, or is otherwise malformed. |
| invalid_client | 401 Unauthorized | Client authentication failed (e.g. unknown client ID, invalid client secret, or no client credentials provided). |
| invalid_grant | 400 Bad Request | The provided authorization code or refresh token is invalid, expired, revoked, or the redirect URI doesn't match. |
| access_denied | 403 Forbidden | The resource owner or authorization server denied the request (e.g. user pressed 'Cancel' on the consent screen). |
| unsupported_response_type | 400 Bad Request | The authorization server does not support obtaining an authorization code using this method (only code is supported). |
| server_error | 500 Internal Error | The authorization server encountered an unexpected condition that prevented it from fulfilling the request. |
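
A client-side handler for the payload format and error codes above, shown as an added example rather than code from this API or its SDK. The action names, the `classify_error` function and the 200-character cap are assumptions of the example; the code/status pairs come from the table.

```python
import json

# Error codes and HTTP statuses exactly as listed in the table above.
DOCUMENTED = {
    "invalid_request": 400,
    "invalid_client": 401,
    "invalid_grant": 400,
    "access_denied": 403,
    "unsupported_response_type": 400,
    "server_error": 500,
}

# What the client does next: an assumption of this example, not part of the API.
ACTIONS = {
    "invalid_request": "fix_request",
    "invalid_client": "check_client_credentials",
    "invalid_grant": "restart_authorization",
    "access_denied": "stop",
    "unsupported_response_type": "fix_request",
    "server_error": "retry_with_backoff",
}

MAX_DESC = 200  # assumed cap on the length of a logged description


def classify_error(status, body):
    """Map a failed response to (error_code, action, log_safe_description)."""
    fallback = "retry_with_backoff" if status >= 500 else "stop"
    try:
        payload = json.loads(body)
    except (ValueError, TypeError):
        payload = None
    if not isinstance(payload, dict):
        # Not the documented JSON object (e.g. a proxy error page).
        return ("malformed", fallback, "")
    # error_description is server-supplied text: drop control characters and
    # truncate it before it reaches a log line or a UI.
    desc = str(payload.get("error_description", ""))
    safe = "".join(ch for ch in desc if ch.isprintable())[:MAX_DESC]
    code = payload.get("error")
    # Reject codes outside the table, and codes whose status does not match it.
    if not isinstance(code, str) or DOCUMENTED.get(code) != status:
        return ("unexpected", fallback, safe)
    return (code, ACTIONS[code], safe)
```

Only `server_error` and unparseable 5xx responses are treated as retryable here; retrying `invalid_client` or `invalid_grant` with the same credentials repeats the failure and can look like credential guessing to the server.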
