Authentication & Authorisation errors

The error codes returned from the Retrieve access token endpoint will match those in the OAuth 2.0 spec. Please see here for a list of OAuth errors that we can return; however, for convenience, please also see that list below.

• invalid_request - The request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilises more than one mechanism for authenticating the client, or is otherwise malformed.
• invalid_client - Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method).
• invalid_grant - The provided authorisation grant (e.g., authorisation code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorisation request, or was issued to another client.
• unauthorized_client - The authenticated client is not authorised to use this authorisation grant type.
• unsupported_grant_type - The authorisation grant type is not supported by the authorisation server.
• invalid_scope - The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.