diff --git a/lib/canvas/oauth/grant_types/authorization_code.rb b/lib/canvas/oauth/grant_types/authorization_code.rb
index cd9245cd23f..d55460b2ebd 100644
--- a/lib/canvas/oauth/grant_types/authorization_code.rb
+++ b/lib/canvas/oauth/grant_types/authorization_code.rb
@@ -11,7 +11,7 @@ module Canvas::Oauth
 raise Canvas::Oauth::RequestError, :authorization_code_not_supplied unless @opts[:code]
 @_token = @provider.token_for(@opts[:code])
 raise Canvas::Oauth::RequestError, :invalid_authorization_code unless @_token.is_for_valid_code?
- raise Canvas::Oauth::RequestError, :incorrect_client unless @_token.key.id == @_token.client_id
+ raise Canvas::Oauth::RequestError, :incorrect_client unless [@_token.key.global_id, @_token.key.id].include? @_token.client_id
 end
 def generate_token
diff --git a/spec/controllers/oauth2_provider_controller_spec.rb b/spec/controllers/oauth2_provider_controller_spec.rb
index 5e9f66ac7bc..a9305040ddb 100644
--- a/spec/controllers/oauth2_provider_controller_spec.rb
+++ b/spec/controllers/oauth2_provider_controller_spec.rb
@@ -374,6 +374,12 @@ describe Oauth2ProviderController do
 expect(json.keys.sort).to match_array(success_token_keys)
 expect(json['token_type']).to eq 'Bearer'
 end
+
+ context 'with global_id as client_id' do
+ let(:client_id) { key.global_id }
+
+ it { is_expected.to have_http_status(200) }
+ end
 end
 context 'invalid grant_type provided' do
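Review bot: The widened `:incorrect_client` guard accepts two id forms without saying why, and this line is what binds an authorization code to the client it was issued to, so the reason should sit next to it, e.g. `# client_id may be stored as the key's local or its global id; both refer to the same key`. The call would also read better with parentheses, `.include?(@_token.client_id)`, since the bare argument after a modifier `unless` is easy to misparse. `Array#include?` compares with `==`, so if `client_id` can be a String while the ids are Integers the check fails closed; whether the token normalises that value is not visible in this hunk. The method containing this line starts above the hunk.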
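Review bot: The added context only shows that a matching global id is accepted; nothing in it pins the rejecting side of the widened check. A sibling example in which `client_id` is the id of a different key and the response is not 200 would keep the `:incorrect_client` guard from being loosened further without a failing spec. The enclosing context begins above the hunk, so such a case may already exist there; if it does, a short comment in this context pointing to it would be enough.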