Skip to content

Invalid Grant

URI: https://docs.ankatech.co/errors/invalid_grant
HTTP Status: 400 Bad Request

This error also corresponds to the RFC 6749 OAuth 2.0 error code invalid_grant of the same name. The RFC 7807 type suffix uses the identical underscore form so the two identifiers match.

When you see this

The provided authorization grant or refresh token is invalid, expired, revoked, or does not match the request.

Common Causes

  • Incorrect resource-owner credentials in a password grant.
  • An expired, revoked, or already-used refresh token.
  • A grant that does not match the client or requested scope.

Response Example

{
  "type": "https://docs.ankatech.co/errors/invalid_grant",
  "title": "Invalid Grant",
  "status": 400,
  "detail": "The provided authorization grant is invalid, expired, or revoked.",
  "instance": "/oauth/token",
  "correlationId": "550e8400-e29b-41d4-a716-446655440000",
  "timestamp": 1730000000
}

Content-Type: application/problem+json — the response follows RFC 7807 Problem Details.

How to Resolve

  1. For password grants, confirm the username and password are correct.
  2. For refresh grants, obtain a fresh refresh token by re-authenticating.
  3. Ensure the grant matches the client and requested scope, then re-submit.

For full schema definitions, examples, and interactive testing, see the Developer Hub Reference.