Invalid_grant is defined in RFC 6749 as "The provided authorization grant (e.g., authorization Code, Resource Owner credentials) or Refresh Token is invalid, expired, revoked, does not match the redirection URI used in the Authorization Request, or was issued to another client."

Interestingly this is NOT defined in the OAuth Parameters Registry (OAuth Extensions Error Registry)

More Information#

There might be more information for this subject on one of the following: