There are quite some possible reasons why you could be getting unauthorized_client. See a list of likely causes below:
- Not ensuring that code_challenger and code_verifier pairs are unique per request.
- Reusing an authorization code parameter in the connect/token request.
- Mismatch between the redirect_uri parameter in the connect/authorize endpoint and connect/token requests.
See screenshot below :
Steps To Resolve:
- Ensure you're making use of a url that is whitelisted for your client. You may refer to your client credential JSON file for a list of valid redirect_uris. For more information you may refer to this article.
- Ensure that the redirect_uri used during the connect/authorize request matches that used in the connect/token request.