When an assertion fails (for instance if a Facebook token were incorrect or the user had post-authorization deleted the application) the following code will automatically mark the request as an UNAUTHORIZED_CLIENT when INVALID_GRANT would be more accurate.
https://github.com/songkick/oauth2-provider/blob/master/lib/songkick/oauth2/provider/exchange.rb#L191-L194