I am getting this error when I try to get an access_token from the IPS oAuth server:

{
    "name": "AuthorizationError",
    "code": "invalid_scope",
    "status": 500
}

I didn't find any official documentation on this and it would be great if someone gave me the link. The URL I'm requesting for is this (confidential data has been hidden with XXX-XXX😞

https://example.com/oauth/authorize?response_type=code&redirect_uri=example.com&scope=authorization_code&client_id=XXX-XXX

 

What am I doing wrong?

It’s merely telling you the scope you are requesting, authorization_code, is not a valid scope. Although I cannot tell which OAuth provider you are using, I’m guessing authorization_code isn’t a valid scope. I’ve never seen that before. Typically scopes correspond with resources you want access to such as profile, email, user, openid etc. 

When you set up a custom confidential OAuth client, you can choose which scopes are available. Look at the "Scopes" tab.

 

By default, "profile" and "email" are the two valid scopes that are created, but you can adjust and make others.

3 minutes ago, bfarber said:

When you set up a custom confidential OAuth client, you can choose which scopes are available. Look at the "Scopes" tab.

 

Issue solved. Thanks so much.