This page contains the list of possible OAuth 2.0 error codes grouped by HTTP Status Codes.

`400 Bad Request`

invalid_grant - The provided authorization grant is invalid, expired, or revoked
unsupported_grant_type - The grant type is missing or not supported
invalid_client - Client authentication failed (invalid or missing credentials)
invalid_request - The request is missing required parameters or is malformed

`401 Unauthorized`

invalid_grant - The provided authorization grant is invalid, expired, or revoked

`403 Forbidden`

unauthorized_client - The client is not authorized to access this resource

`404 Not Found`

invalid_grant - The provided authorization grant is invalid, expired, or revoked

`500 Server Error`

server_error - An unexpected server-side error occurred

🚧
Legacy Error Codes
The error codes shown below are maintained only for existing integrations. New integrations should use the error codes described above.

`400 Bad Request`

code-exchange-failed
missing-grant-type-param
missing-authorization-header
missing-required-params
invalid-authorization-header
invalid-grant-type
invalid-refresh-token
invalid-access-token
invalid-auth-code
invalid-redirect-uri
invalid-oauth-app

`401 Unauthorized`

expired-refresh-token
expired-access-token
expired-auth-code

`403 Forbidden`

resource-restricted

`404 Not Found`

inactive-account
invalid-account
account-not-found
user-not-found

400 Bad Request

401 Unauthorized

403 Forbidden

404 Not Found

500 Server Error

🚧Legacy Error Codes

400 Bad Request

401 Unauthorized

403 Forbidden

404 Not Found

`400 Bad Request`

`401 Unauthorized`

`403 Forbidden`

`404 Not Found`

`500 Server Error`

🚧
Legacy Error Codes

`400 Bad Request`

`401 Unauthorized`

`403 Forbidden`

`404 Not Found`