The resource owner or authorization server denied the request.
The request requires higher privileges than provided by the access token.
Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method).
The client metadata is invalid. (Custom error for dynamic client registration - RFC 7591)
The provided authorization grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.
The requested resource is invalid, missing, unknown, or malformed. (Custom error for resource indicators - RFC 8707)
The access token provided is expired, revoked, malformed, or invalid for other reasons.
The HTTP method used is not allowed for this endpoint. (Custom, non-standard error)
The authorization server encountered an unexpected condition that prevented it from fulfilling the request.
The authorization server is currently unable to handle the request due to temporary overloading or maintenance.
Rate limit exceeded. (Custom, non-standard error based on RFC 6585)
The authenticated client is not authorized to use this authorization grant type.
The authorization grant type is not supported by the authorization server.
The authorization server does not support obtaining an authorization code using this method.
The authorization server does not support the requested token type.
OAuth error codes as defined by RFC 6749 and extensions.