diff --git a/appleid-auth-service/src/main/kotlin/org/ostelco/prime/auth/apple/Model.kt b/appleid-auth-service/src/main/kotlin/org/ostelco/prime/auth/apple/Model.kt
index 9dab2e0bb..0b7afe9b1 100644
--- a/appleid-auth-service/src/main/kotlin/org/ostelco/prime/auth/apple/Model.kt
+++ b/appleid-auth-service/src/main/kotlin/org/ostelco/prime/auth/apple/Model.kt
@@ -15,13 +15,13 @@ data class TokenResponse(
 
 data class ErrorResponse(val error: Error)
 
-enum class Error {
-    invalid_request,
-    invalid_client,
-    invalid_grant,
-    unauthorized_client,
-    unsupported_grant_type,
-    invalid_scope,
+enum class Error(val cause: String) {
+    invalid_request("The request is malformed, normally due to a missing parameter, contains an unsupported parameter, includes multiple credentials, or uses more than one mechanism for authenticating the client."),
+    invalid_client("The client authentication failed."),
+    invalid_grant("The authorization grant or refresh token is invalid."),
+    unauthorized_client("The client is not authorized to use this authorization grant type."),
+    unsupported_grant_type("The authenticated client is not authorized to use the grant type."),
+    invalid_scope("The requested scope is invalid."),
 }
 
 data class JWKKey(
@@ -33,4 +33,4 @@ data class JWKKey(
         val use: String
 )
 
-data class JWKSet(val keys: Collection<JWKKey>)
\ No newline at end of file
+data class JWKSet(val keys: Collection<JWKKey>)
diff --git a/appleid-auth-service/src/main/kotlin/org/ostelco/prime/auth/resources/AppleIdAuthResource.kt b/appleid-auth-service/src/main/kotlin/org/ostelco/prime/auth/resources/AppleIdAuthResource.kt
index 28cf4f061..adbdc4a61 100644
--- a/appleid-auth-service/src/main/kotlin/org/ostelco/prime/auth/resources/AppleIdAuthResource.kt
+++ b/appleid-auth-service/src/main/kotlin/org/ostelco/prime/auth/resources/AppleIdAuthResource.kt
@@ -29,7 +29,7 @@ class AppleIdAuthResource {
         return AppleIdAuthClient.authorize(authCode.authCode)
                 .fold(
                         {
-                            logger.warn("error: {}", it.error)
+                            logger.warn("AppleId Auth Error Response: {}, cause: {}", it.error, it.error.error.cause)
                             Response.status(it.status).entity(asJson(it))
                         },
                         { tokenResponse ->