Overview#
Invalid_token is defined in
RFC 6750 and registered in the
OAuth Parameters Registry.
Invalid_token indicates The Access Token provided is:
- expired
- revoked
- malformed
- or invalid for other reasons.
The
Resource Server SHOULD respond with the
HTTP 401 (Unauthorized) status code.
The OAuth Client MAY request a new Access Token and retry the protected resource request.
There might be more information for this subject on one of the following: