In https://github.com/go-gitea/gitea/blob/main/routers/web/auth/oauth.go function handleAuthorizationCode there are three possible causes of error unauthorized_client . The description is the same for each "client is not authorized"

As suggested by the OAuth RFC (quoted below), it would be helpful to give more detail in the description

error_description
OPTIONAL. Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred.
Values for the "error_description" parameter MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.