<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Receiving Error "The authorization grant type is not supported by the authorization server" when Trying to Log into an OpenID Connect Application
Feb 2, 2026
API Access Management
Okta Classic Engine
Okta Identity Engine
Overview

When trying to log a user into an OpenID Connect application, the following error message is returned:

{
  "error": "unsupported_grant_type",
  "error_description": "The authorization grant type is not supported by the authorization server. Configured grant types: [******]."
}

 

Applies To
  • OAuth/OpenID Connect applications
Cause
The authorization server OR OpenID Connect application does not have the requested grant type enabled
Solution
  1. Check which grant type the application is trying to use:
    1. If this error is received while making an /authorize request, confirm what value is included as the response_type.

Authorize Request - id_token

  1. If this error is received while making a /token request, confirm what value is included as the grant_type.
Token Request - Resource Owner Password Grant
  1. If this error is received while making a /device/authorize request, then a Device Authorization grant type is used.
Device Authorization grant type
  1. Confirm that the OpenID Connect client used is eligible to handle this grant type by navigating to Applications > Applications > select the target application > General > General Settings in the Admin Console. See the example screenshot of this section below:

Native App - available Grant types

  • If the response_type is "id_token", it is necessary to use a SPA, Web, or Native app.
    • Ensure that Implicit (hybrid) and, below that, Allow ID Token with implicit grant type are enabled.
  • If the response_type is "token", it is necessary to use a SPA, Web, or Native app.
    • Ensure that Implicit (hybrid) and, below that, Allow Access Token with implicit grant type are enabled.
  • If the response_type is "code", it is necessary to use a SPA, Web, or Native app.
    • Ensure that Authorization Code is enabled.
  • If the grant_type is "password", it is necessary to use a Native app.
    • Ensure that Resource Owner Password is enabled.
  • If the grant_type is "client_credentials", it is necessary to use a Web or Service app.
    • Ensure that Client Credentials is enabled.
  • If the grant_type is urn:ietf:params:oauth:grant-type:saml2-bearer, it is necessary to use a Native app.
    • Ensure that SAML 2.0 Assertion is enabled.
  • If there is a need to use the /device/authorize endpoint, then it is necessary to use a Native app.
    • Ensure that Device Authorization is enabled.

 

  1. (Optional) If using a Custom Authorization Server, ensure that the grant type is also enabled in the applicable Access Rule for the server in question.
Custom Authorization Server - Access Rule


NOTE: If requesting multiple response_types in the same /authorize request, go through the above steps for each to ensure that the application and authorization server are configured to allow use of these grant types.

Recommended content

Still looking for help?
Loading
Receiving Error "The authorization grant type is not supported by the authorization server" when Trying to Log into an OpenID Connect Application