authorFree Duerinckx <free.duerinckx@vikingco.com>2018-07-04 14:35:03 +0200
committerFree Duerinckx <free.duerinckx@vikingco.com>2018-07-04 14:41:47 +0200
commita4f39fc93ca2cb3b14eb1f3538ba5363148485be (patch)
tree002d34ee695ebe09dc8d2e7f7c8392299684de07
parentcfcbe99477a5d392175970f9c2e16b7d8ce138fb (diff)
downloadoauthlib-a4f39fc93ca2cb3b14eb1f3538ba5363148485be.tar.gz
`invalid_grant` status code should be 400
According to section 5.2 of RFC 6749 (https://tools.ietf.org/html/rfc6749#section-5.2), a server should respond with 400 in case of an invalid grant. The given grant is invalid and the client should supply other data. A 401 is not applicable here because it requires the client to give a suitable Authorization header field, which doesn't make any sense if you are trying to authenticate using a grant. See sections 10.4.1 and 10.4.2 of RFC 2616 (https://tools.ietf.org/html/rfc2616#section-10.4.1).
-rw-r--r--oauthlib/oauth2/rfc6749/errors.py2
-rw-r--r--tests/oauth2/rfc6749/grant_types/test_refresh_token.py2
2 files changed, 2 insertions, 2 deletions
diff --git a/oauthlib/oauth2/rfc6749/errors.py b/oauthlib/oauth2/rfc6749/errors.py
index 5a0cca2..7b31d47 100644
--- a/oauthlib/oauth2/rfc6749/errors.py
+++ b/oauthlib/oauth2/rfc6749/errors.py
@@ -245,7 +245,7 @@ class InvalidGrantError(OAuth2Error):
issued to another client.
"""
error = 'invalid_grant'
- status_code = 401
+ status_code = 400
class UnauthorizedClientError(OAuth2Error):
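Review bot: The new `status_code = 400` line carries no reference to the specification that justifies it, so a later reader comparing it with the 401 used by other error classes has nothing to tell them this value is deliberate; add `status_code = 400  # RFC 6749 section 5.2: invalid_grant is a client-error response, not an authentication challenge` on that line. This is also a wire-visible behaviour change for every caller that branched on 401 to detect a rejected or expired grant, so it deserves a changelog entry rather than only a commit message. The InvalidGrantError class and its docstring start before this hunk.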
diff --git a/tests/oauth2/rfc6749/grant_types/test_refresh_token.py b/tests/oauth2/rfc6749/grant_types/test_refresh_token.py
index 21540a2..f055c7d 100644
--- a/tests/oauth2/rfc6749/grant_types/test_refresh_token.py
+++ b/tests/oauth2/rfc6749/grant_types/test_refresh_token.py
@@ -109,7 +109,7 @@ class RefreshTokenGrantTest(TestCase):
token = json.loads(body)
self.assertEqual(self.mock_validator.save_token.call_count, 0)
self.assertEqual(token['error'], 'invalid_grant')
- self.assertEqual(status_code, 401)
+ self.assertEqual(status_code, 400)
def test_invalid_client(self):
self.mock_validator.authenticate_client.return_value = False
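Review bot: Only the refresh-token test is updated here, but InvalidGrantError is a shared error class, so any other grant-type test that asserts a 401 for `invalid_grant` would presumably now fail and needs the same one-line change to `self.assertEqual(status_code, 400)`; the diffstat shows no such test was touched, which is worth confirming against the rest of the suite. The enclosing test method starts before this hunk.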