# I'm getting an error when using the DigitalOcean OAuth API.

## Common Authorization Request Errors

Here are solutions for common issues and errors when making [OAuth API authorization requests](https://docs.digitalocean.com/reference/api/oauth/index.html.md#authorization).

### Access Denied

If the user denies authorization, OAuth redirects them to your callback URL with an `error_description` parameter:

```
https://example.com/callback?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request.
```

Fix this by having your user authorize your application.

### Invalid Redirect URI

If the callback URL in your authorization code link does not match your registered callback URL, the user receives a page with the following error:

```
An error has occurred The redirect uri included is not valid.
```

Fix this by replacing the value of the `redirect_uri` parameter in your authorization code link with your application’s registered callback URL.

### Invalid Scope

If you specify an invalid scope in your authorization code link, the user receives a page with the following error:

```
An error has occurred The requested scope is invalid, unknown, or malformed.
```

Correct this by using a [valid scope](https://docs.digitalocean.com/reference/api/scopes/index.html.md) in your authorization link.

## Common Access Token Request Errors

Here are solutions for common issues and errors when making [OAuth API access token requests](https://docs.digitalocean.com/reference/api/oauth/index.html.md#token).

### Redirect URI Mismatch or Invalid Grant

If your access token request contains a `redirect_uri` that does not match your registered callback URL, or if your authorization grant (`code`) is invalid (already used, expired, revoked), you receive the following error:

```json
{
  "error":"invalid_grant",
  "error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
```

Fix this by ensuring your `redirect_uri` value matches your registered callback URL. If the problem persists, request a new `code` by starting the authorization process over. Authorization codes are valid for 10 minutes after creation.

### Incorrect Client Credentials

If your client credentials are incorrect (client ID or client secret), you receive the following message:

```json
{
  "error":"invalid_client",
  "error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."
}
```

Correct this by ensuring your request contains client credentials that match the client ID and client secret listed in your application’s registration page (located in the [DigitalOcean Control Panel](https://cloud.digitalocean.com/settings/applications)).

### Verify Scope of Access Token Grant

It is possible for the user to change the scope of the authorization request by modifying the value of the `scope` parameter in the authorization link. To prevent application errors due to insufficient scope, we recommend that you verify that the scope of the access token grant matches the scope that was originally requested.