nulab / scala-oauth2-provider

OAuth 2.0 server-side implementation written in Scala

JSON error for OAuth2Provider.authorize

DStranger opened this issue · comments

I'm creating a new issue because the original one (#50) is closed.

OAuth2Provider::issueAccessToken() and OAuth2Provider::authorize() handle errors mostly the same, except that issueAccessToken() includes a JSON body describing the error and authorize() doesn't. Is there a particular reason for not including the JSON body for authorize() errors? If not, I'll submit a pull request with that fixed.

The spec does say that "the specifics of such error responses are beyond the scope of this specification". What's important is that different error responses for issuing a token and accessing protected resources (header and body in one case and only header in the other) are forcing clients to use different logic when handling error responses.
I would say that we would only benefit from this.

Currently, our service's API sends normal and error data in JSON format in the response body.
The error format is different for each application; no one can decide the format.

I don't think we should provide an error response body by default in our library.
The user should decide the format between the application and OAuth authorize.

If a developer wants to include error messages in the authorize response body, it is easy to do by overriding the issueAccessToken and authorize methods.
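
An added example (not part of the thread and not the library's code), going back to the issue's point about clients needing different logic: a Python client-side helper that normalizes both error shapes described above, a JSON body and a header-only `WWW-Authenticate: Bearer` challenge, into one structure. The function names and sample responses are constructed for illustration; the field names `error` and `error_description` follow RFC 6749 and RFC 6750.

```python
import json
import re

# One auth-param: name = "quoted string" or bare token.
_AUTH_PARAM = re.compile(r'([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')

def parse_bearer_challenge(header_value):
    """Return the auth-params of a 'Bearer ...' WWW-Authenticate value as a dict."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "bearer":
        return {}
    params = {}
    for name, quoted, bare in _AUTH_PARAM.findall(rest):
        # Undo backslash escapes inside quoted strings; bare tokens are used as-is.
        params[name.lower()] = re.sub(r"\\(.)", r"\1", quoted) if quoted else bare
    return params

def normalize_oauth_error(status, headers, body):
    """Map either error shape to one dict; return None if no OAuth error is present."""
    headers = {k.lower(): v for k, v in headers.items()}
    fields, source = {}, None
    # Shape 1 (token endpoint): JSON body with an "error" member.
    if "json" in headers.get("content-type", "").lower() and body:
        try:
            doc = json.loads(body)
        except ValueError:
            doc = None
        if isinstance(doc, dict) and isinstance(doc.get("error"), str):
            fields, source = doc, "body"
    # Shape 2 (protected resource): error carried only in the challenge header.
    if source is None:
        challenge = parse_bearer_challenge(headers.get("www-authenticate", ""))
        if "error" in challenge:
            fields, source = challenge, "header"
    if source is None:
        return None
    # error_description is server-supplied text: treat it as untrusted when displaying or logging.
    return {"status": status, "error": fields["error"],
            "error_description": fields.get("error_description"), "source": source}

# Constructed sample responses (status, headers, body), not captured from a real server.
TOKEN_ERROR = (400, {"Content-Type": "application/json",
                     "WWW-Authenticate": 'Bearer error="invalid_grant", error_description="code expired"'},
               '{"error": "invalid_grant", "error_description": "code expired"}')
RESOURCE_ERROR = (401, {"WWW-Authenticate":
                        'Bearer realm="api", error="invalid_token", error_description="expired, please refresh"'}, "")

if __name__ == "__main__":
    for sample in (TOKEN_ERROR, RESOURCE_ERROR):
        print(normalize_oauth_error(*sample))
```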