OAuth error unauthorized_client should distinguish different causes by description

[hickford]

In https://github.com/go-gitea/gitea/blob/main/routers/web/auth/oauth.go function handleAuthorizationCode there are three possible causes of error unauthorized_client . The description is the same for each "client is not authorized"

gitea/routers/web/auth/oauth.go

Lines 679 to 709 in 889a41c

	func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, serverKey, clientKey oauth2.JWTSigningKey) {
	app, err := auth.GetOAuth2ApplicationByClientID(ctx, form.ClientID)
	if err != nil {
	handleAccessTokenError(ctx, AccessTokenError{
	ErrorCode: AccessTokenErrorCodeInvalidClient,
	ErrorDescription: fmt.Sprintf("cannot load client with client id: '%s'", form.ClientID),
	})
	return
	}
	if !app.ValidateClientSecret([]byte(form.ClientSecret)) {
	handleAccessTokenError(ctx, AccessTokenError{
	ErrorCode: AccessTokenErrorCodeUnauthorizedClient,
	ErrorDescription: "client is not authorized",
	})
	return
	}
	if form.RedirectURI != "" && !app.ContainsRedirectURI(form.RedirectURI) {
	handleAccessTokenError(ctx, AccessTokenError{
	ErrorCode: AccessTokenErrorCodeUnauthorizedClient,
	ErrorDescription: "client is not authorized",
	})
	return
	}
	authorizationCode, err := auth.GetOAuth2AuthorizationByCode(ctx, form.Code)
	if err != nil || authorizationCode == nil {
	handleAccessTokenError(ctx, AccessTokenError{
	ErrorCode: AccessTokenErrorCodeUnauthorizedClient,
	ErrorDescription: "client is not authorized",
	})
	return
	}

As suggested by the OAuth RFC (quoted below), it would be helpful to give more detail in the description

error_description
OPTIONAL. Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred.
Values for the "error_description" parameter MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.