I am reading the OAuth2 specs, and the error codes unauthorized_client and access_denied are confusing to me. They seem to express the same error condition, right? At first glance (according to the error code), I thought that one was to refuse authentication and the other to refuse authorization, but both of them are really connected with the authorization failure, which translates into the HTTP 403 status code.
unauthorized_client
The client is not authorized to request an access token using this method.

access_denied
The resource owner or authorization server denied the request.
source
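As an added example that is not part of the original post: a sketch of how an authorization endpoint following RFC 6749 could choose between the two quoted codes and return the result to the client on its redirect URI. The client ids, URIs and the function name `authorization_error` are constructed for illustration.

```python
from urllib.parse import urlencode

# Constructed client registry (hypothetical ids and URIs): the response
# types each registered client is allowed to request.
CLIENTS = {
    "web-app": {"redirect_uri": "https://client.example/cb",
                "response_types": {"code"}},
    "spa": {"redirect_uri": "https://spa.example/cb",
            "response_types": {"code", "token"}},
}


def authorization_error(client_id, response_type, owner_approved, state):
    """Return the error redirect for a request, or None if it may proceed."""
    client = CLIENTS.get(client_id)
    if client is None:
        # An unknown client has no trusted redirect URI, so the server
        # reports the problem to the user and does not redirect.
        raise ValueError("unknown client: do not redirect")

    if response_type not in client["response_types"]:
        # Decided from the client's registration alone, before the
        # resource owner is asked anything.
        error = "unauthorized_client"
    elif not owner_approved:
        # The client was allowed to ask, but the resource owner (or
        # server policy) refused this particular request.
        error = "access_denied"
    else:
        return None

    # Implicit grant (response_type=token) carries the error in the
    # fragment; the authorization code grant carries it in the query.
    sep = "#" if response_type == "token" else "?"
    params = urlencode({"error": error, "state": state})
    return client["redirect_uri"] + sep + params


if __name__ == "__main__":
    print(authorization_error("web-app", "token", True, "xyz"))
    print(authorization_error("spa", "token", False, "xyz"))
```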