IdentityServer · brockallen · Mar 26, 2020 · Feb 18, 2020
diff --git a/src/IdentityServer4/src/Validation/Default/TokenRequestValidator.cs b/src/IdentityServer4/src/Validation/Default/TokenRequestValidator.cs
@@ -267,7 +267,7 @@ private async Task<TokenRequestValidationResult> ValidateAuthorizationCodeReques
             if (redirectUri.Equals(_validatedRequest.AuthorizationCode.RedirectUri, StringComparison.Ordinal) == false)
             {
                 LogError("Invalid redirect_uri", new { redirectUri, expectedRedirectUri = _validatedRequest.AuthorizationCode.RedirectUri });
-                return Invalid(OidcConstants.TokenErrors.UnauthorizedClient);
+                return Invalid(OidcConstants.TokenErrors.InvalidGrant);
             }
 
             /////////////////////////////////////////////
@@ -511,7 +511,7 @@ private async Task<TokenRequestValidationResult> ValidateRefreshTokenRequestAsyn
         private async Task<TokenRequestValidationResult> ValidateDeviceCodeRequestAsync(NameValueCollection parameters)
         {
             _logger.LogDebug("Start validation of device code request");
-            
+
             /////////////////////////////////////////////
             // check if client is authorized for grant type
             /////////////////////////////////////////////
@@ -540,11 +540,11 @@ private async Task<TokenRequestValidationResult> ValidateDeviceCodeRequestAsync(
             /////////////////////////////////////////////
             // validate device code
             /////////////////////////////////////////////
-            var deviceCodeContext = new DeviceCodeValidationContext {DeviceCode = deviceCode, Request = _validatedRequest};
+            var deviceCodeContext = new DeviceCodeValidationContext { DeviceCode = deviceCode, Request = _validatedRequest };
             await _deviceCodeValidator.ValidateAsync(deviceCodeContext);
 
             if (deviceCodeContext.Result.IsError) return deviceCodeContext.Result;
-            
+
             _logger.LogDebug("Validation of authorization code token request success");
 
             return Valid();
@@ -789,7 +789,7 @@ private void LogWithRequestDetails(LogLevel logLevel, string message = null, obj
                     {
                         _logger.Log(logLevel, message + "{@values}, details: {@details}", values, details);
                     }
-                    
+
                 }
                 catch (Exception ex)
                 {

diff --git a/...erver.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_Code_Invalid.cs b/...erver.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_Code_Invalid.cs
@@ -288,7 +288,7 @@ public async Task Different_RedirectUri_Between_Authorize_And_Token_Request()
             var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult());
 
             result.IsError.Should().BeTrue();
-            result.Error.Should().Be(OidcConstants.TokenErrors.UnauthorizedClient);
+            result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant);
         }
 
         [Fact]