Why does a call to the Token URL return a "Client id unauthorized" error after the Authorization URL has been called successfully with the same Client Id?

The POST request to the Token URL requires the client_id and client_secret of your app:

  • either as body parameters,
  • or within the Authorization header, using Basic Authentication: Authorization: Basic <base64 encoded string client_id:client_secret>

For further details, please read the chapter "Authorization (OAuth)" in "Getting Started", here.
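
As an added example (not code from the original page or from the API's documentation), the Python sketch below builds the token request with the credentials in either of the two places described above and checks a Basic header for common encoding mistakes. The grant_type, code and redirect_uri parameters, the function names and all sample values are assumptions.

```python
import base64
from urllib.parse import urlencode

def basic_auth_header(client_id, client_secret):
    """Build 'Basic <base64 of client_id:client_secret>'."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def token_request(client_id, client_secret, code, redirect_uri, use_header=True):
    """Return (headers, body) for the POST to the Token URL.
    grant_type, code and redirect_uri are assumed here (standard OAuth 2.0
    authorization-code parameters); the page does not list them."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    params = {"grant_type": "authorization_code", "code": code,
              "redirect_uri": redirect_uri}
    if use_header:   # second option on the page: Authorization header
        headers["Authorization"] = basic_auth_header(client_id, client_secret)
    else:            # first option on the page: body parameters
        params.update(client_id=client_id, client_secret=client_secret)
    return headers, urlencode(params)

def check_basic_header(value, expected_client_id):
    """Return a list of problems found in an Authorization header value."""
    scheme, _, b64 = value.partition(" ")
    if scheme.lower() != "basic" or not b64:
        return ["header is not of the form 'Basic <base64>'"]
    try:
        decoded = base64.b64decode(b64, validate=True).decode("utf-8")
    except ValueError:  # covers invalid base64 and invalid UTF-8
        return ["value after 'Basic ' is not valid base64 text"]
    cid, sep, secret = decoded.partition(":")
    problems = []
    if not sep:
        problems.append("no ':' between client_id and client_secret")
    elif not secret.strip():
        problems.append("client_secret is empty")
    if cid != expected_client_id:
        problems.append("client_id differs from the expected one")
    if decoded != decoded.strip():
        problems.append("leading or trailing whitespace was encoded with the credentials")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    hdrs, body = token_request("app1", "s3cret", "CODE123", "https://client.example/cb")
    print(hdrs["Authorization"], body)
    print(check_basic_header("Basic YXBwMQ==", "app1"))  # only client_id was encoded
```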