OAuth 2.0#

Invalid_token is defined in RFC 6750 and registered in the OAuth Parameters Registry.

Invalid_token indicates The Access Token provided is:

  • expired
  • revoked
  • malformed
  • or invalid for other reasons.
The Resource Server SHOULD respond with the HTTP 401 (Unauthorized) status code.

The OAuth Client MAY request a new Access Token and retry the protected resource request.

More Information#

There might be more information for this subject on one of the following: