invalidgrant

Invalid_grant is an OAuth 2.0 error code defined in RFC 6749. It signals that the authorization grant or refresh token provided to the token endpoint is invalid and cannot be used to obtain an access token. When this error occurs, the token request is rejected with a 400 Bad Request response and an error payload that includes invalid_grant.

Common causes include exchanging an authorization code that has already been used or has expired, submitting

The typical response is an HTTP 400 status with a body such as {"error": "invalid_grant", "error_description": "..."};

Handling and best practices include validating all grant parameters before making token requests, ensuring one-time use