Yes, as Jeckoso said... I'm using MVC and in my Web.config file, I have the ClientID and the Secret but there is a third argument called mode which can be 'sandbox' or 'live'. Going with live credentials with the mode sandbox will throw the not authorized exception.
... View more