I'm POST'ing to the token endpoint using Resource Owner Flow (as docs explain), providing the following payload (as suggested).
client_id:my_client
client_secret:ShombaBomba
grant_type:password
username:my_user
password:ShombaBomba
custom-field:custom-value
The error comes back saying the following two things.
{
"error": "invalid_grant",
"error_description": "invalid_username_or_password"
}
I'm confused, because the user does exist and the password (hashed, of course) is copied from client secrets (where it apparently works). Extra confusion due the info that invalid grant is produced (according to this) when a refresh token is used (i.e. grant_type_refresh is present).
I've seen that someone tried to add the grant type refresh_token but in my case, it didn't seem to change anything. I had to use a redirect URI for some reason so I hoped the refresh thing was something like that too. But nope...
What can I do to troubleshoot it further? The console says nothing more than that, neither.