See http://tools.ietf.org/html/rfc6749#section-5.2
| HTTP Status | Code | Description |
|---|---|---|
| 400 | invalid_request | The request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed. |
| 401 | invalid_client | Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the “Authorization” request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code and include the “WWW-Authenticate” response header field matching the authentication scheme used by the client. |
| 400 | invalid_grant | The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. |
| 400 | unauthorized_client | The authenticated client is not authorized to use this authorization grant type. |
| 400 | unsupported_grant_type | The authorization grant type is not supported by the authorization server. |
| 400 | invalid_scope | The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner. |