unauthorizedclient
unauthorizedclient, typically rendered as the OAuth 2.0 error code unauthorized_client, refers to a condition where a client is not authorized to request an authorization code or access token. The error is defined in RFC 6749 and is returned by the authorization server when a request cannot be fulfilled due to client-level restrictions. In responses, the server often uses HTTP 400 and includes error parameters such as error=unauthorized_client and optional error_description and error_uri.
This error commonly occurs during requests to the authorization endpoint or the token endpoint. It can indicate
Causes include a misconfigured client registration, such as missing or disallowed grant types, incorrect or mismatched
Resolution involves reviewing and updating the client’s registration: ensure the correct grant types are enabled, the
In OpenID Connect and other OAuth 2.0 deployments, unauthorized_client is one of the standard error responses
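
The grant-type registration check described above, as an added example (not code from RFC 6749 or from any particular authorization server): a token endpoint pre-check that separates unauthorized_client from invalid_client and unsupported_grant_type. The client ids, secrets, registry layout and the check_token_request and oauth_error helpers are constructed for illustration.

```python
import hmac
import json

# Constructed client registry (hypothetical ids and secrets).
CLIENTS = {
    "web-app": {"secret": "s3cr3t-web",
                "grant_types": {"authorization_code", "refresh_token"}},
    "batch-job": {"secret": "s3cr3t-batch",
                  "grant_types": {"client_credentials"}},
}
# Grant types this example server implements at all.
SUPPORTED_GRANTS = {"authorization_code", "refresh_token", "client_credentials"}


def oauth_error(status, code, description):
    """Build a token endpoint error response (JSON body, no caching)."""
    headers = {"Content-Type": "application/json", "Cache-Control": "no-store"}
    if status == 401:
        headers["WWW-Authenticate"] = 'Basic realm="token"'
    body = json.dumps({"error": code, "error_description": description})
    return status, headers, body


def check_token_request(client_id, client_secret, grant_type):
    """Return None if the request may proceed, else (status, headers, body)."""
    if not grant_type:
        return oauth_error(400, "invalid_request", "grant_type is required")
    client = CLIENTS.get(client_id)
    # Constant-time compare; unknown client and wrong secret look the same.
    expected = client["secret"] if client else ""
    supplied = client_secret or ""
    if not (hmac.compare_digest(expected.encode(), supplied.encode()) and client):
        return oauth_error(401, "invalid_client", "client authentication failed")
    if grant_type not in SUPPORTED_GRANTS:
        return oauth_error(400, "unsupported_grant_type",
                           "grant type not supported by this server")
    if grant_type not in client["grant_types"]:
        # Authenticated client, supported grant, but not enabled in its registration.
        return oauth_error(400, "unauthorized_client",
                           "client is not registered for this grant type")
    return None
```

When triaging this error in logs, the distinction matters: unauthorized_client means authentication succeeded and the registration needs review, while invalid_client points at credentials.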