Detailed Token Error Response

Text from http://tools.ietf.org/html/draft-ietf-oauth-v2-16. The authorization server responds with an HTTP 400 (Bad Request) status code and includes one of the following values in the "error" parameter of the response:

    invalid_request: The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.

    invalid_client: Client authentication failed (e.g. unknown client, no client credentials included, multiple client credentials included, or unsupported credentials type). The authorization server MUST return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the "Authorization" request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the "WWW-Authenticate" response header field matching the authentication scheme used by the client.

    invalid_grant: The provided authorization grant is invalid, expired, revoked, does not match the redirection URL used in the authorization request, or was issued to another client.

    unauthorized_client: The authenticated client is not authorized to use this authorization grant type.

    unsupported_grant_type: The authorization grant type is not supported by the authorization server.

    invalid_scope: The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.

    invalid_operation: The requested operation is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.

If the authorization server encounters an error condition other than the 400 (Bad Request) and 401 (Unauthorized) responses described above (e.g. the service is temporarily unavailable), the authorization server should include an error response in the entity body, and set the "error" parameter value to the numerical HTTP status code returned.

Example:

    HTTP/1.1 503 Service Unavailable
    Content-Type: application/json

    {
        "error":"503"
    }
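
The status-code rules above, expressed as a server-side helper. This is an added example, not code from the draft or from the service this page documents; `build_token_error`, `SUPPORTED_SCHEMES` and `REALM` are assumed names and values, and advertising all supported schemes when the client's scheme is not recognised is an assumption.

```python
import json

# Error codes listed on this page. All map to HTTP 400 except
# invalid_client, which the page requires to be answered with HTTP 401.
TOKEN_ERRORS = frozenset({
    "invalid_request", "invalid_client", "invalid_grant",
    "unauthorized_client", "unsupported_grant_type",
    "invalid_scope", "invalid_operation",
})
SUPPORTED_SCHEMES = ("Basic",)   # assumption: schemes this server accepts
REALM = "token-endpoint"         # assumption: placeholder realm value


def build_token_error(error=None, http_status=None, authorization=None):
    """Return (status, headers, body) for a token endpoint error.

    error         -- one of TOKEN_ERRORS, or None for any other failure
    http_status   -- status for failures outside the 400/401 cases (e.g. 503)
    authorization -- raw "Authorization" request header, if the client sent one
    """
    headers = {"Content-Type": "application/json"}
    if error is None:
        # Other error conditions: "error" carries the numeric HTTP status.
        if (http_status is None or http_status in (400, 401)
                or not 400 <= http_status <= 599):
            raise ValueError("http_status must be 4xx/5xx other than 400/401")
        return http_status, headers, json.dumps({"error": str(http_status)})
    if error not in TOKEN_ERRORS:
        # Never reflect an arbitrary caller-supplied string into the body.
        raise ValueError("unknown token error code")
    if error != "invalid_client":
        return 400, headers, json.dumps({"error": error})
    # invalid_client: 401 plus a challenge. Match the client's scheme only if
    # it is supported, using our canonical spelling rather than its bytes;
    # otherwise advertise every supported scheme.
    offered = (authorization or "").split(" ", 1)[0].lower()
    schemes = ([s for s in SUPPORTED_SCHEMES if s.lower() == offered]
               or list(SUPPORTED_SCHEMES))
    headers["WWW-Authenticate"] = ", ".join(
        f'{s} realm="{REALM}"' for s in schemes)
    return 401, headers, json.dumps({"error": error})
```

Passing only `http_status=503` reproduces the 503 example above; an error code outside the listed set raises instead of being echoed to the client.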