diff --git a/config/zoho.php b/config/zoho.php
index 19d47d2..027234a 100644
--- a/config/zoho.php
+++ b/config/zoho.php
@@ -12,6 +12,7 @@
     // with the error flashed in the session with the key `zoho.access_token_error`
     // known error code:
     //      -  403: invalid_client_secret
+    //      -  403: invalid_code
     //      -  500: fallback on unknown error
     'on_error_url' => '/',
 
diff --git a/src/Auth/ZohoAuthProvider.php b/src/Auth/ZohoAuthProvider.php
index a20f5d2..d0d58e8 100644
--- a/src/Auth/ZohoAuthProvider.php
+++ b/src/Auth/ZohoAuthProvider.php
@@ -105,7 +105,7 @@ protected function checkResponse(ResponseInterface $response, $data): void
             throw new IdentityProviderException(
                 sprintf('There was an error on response: %s', $data['error']),
                 match ($data['error']) {
-                    'invalid_client_secret' => 403,
+                    'invalid_client_secret', 'invalid_code' => 403,
                     default => 500
                 },
                 $data['error']