Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

unauthorized_client

The client is not allowed to perform this operation.

Explanation

This error is used to signal a problem with the how the client is attempting to use the server. This is opposed to access_denied which indicates that the server or end-user denied an otherwise valid request.

Remediation

This is most often triggered by:

  • a bad client_id parameter

    Check that the client is using the exact value assigned during client registration.

  • a bad redirect_uri parameter

    Check that the redirect_uri matches exactly one of the values supplied during client registration.

  • a rate limit which has been exceeded

    This is most often seen with the Password Limited Grant which is expected to be used only once at client start-up. Use the Refresh Token grant to maintain the access token. See the warning in the documentation for the Password Limited Grant for more information.