OAuth Error: invalid_grant

invalid_grant usually means the authorization code expired, was reused, lacks the matching PKCE verifier, or the refresh token was revoked or rotated. Clock skew between servers can also invalidate exp assertions.

Trace the full authorization code flow in network tabs: confirm one code exchange, matching redirect URI, and client authentication method expected by the provider. OAuthFixer summarizes provider-specific checklists.