I'm trying to configure simple_oauth to use with local Lando install of a Drupal 9 site with decoupled React frontend.
I followed the instructions at https://drupalize.me/tutorial/install-and-configure-simple-oauth?p=3003 and generated the necessary RSA keys in the terminal:
$ openssl genrsa -out private.key 2048
$ openssl rsa -in private.key -pubout -out public.key
...placing the keys into /drupal_root/key, and specifying their paths at /admin/config/people/simple_oauth. I opened both files in Gedit and they look standard
Then I created a new 'OAUTH' role, giving it permissions to add, edit and delete content.
I created a consumer, enabled the 'OAUTH' role, saved the configuration and copied its secret and UUID.
Then I followed the instructions at https://drupalize.me/tutorial/make-api-requests-oauth?p=3253 to make a POST request using Postman. The only difference is that instead of their request to http://localhost:8888/oauth/token, I sent it to my Lando url http://react1.lndo.site/oauth/token
I've checked the request headers and body key:values carefully (ensuring client_id, client_secret, username and password are correct), but I keep getting 401 responses that say "invalid_client", "Client authentication failed"
Then I tried making the request with cURL and got the same error response:
$ curl -F 'grant_type=password' -F 'client_id=b7958f62-df63-4b95-9a55-20954178d788' -F 'client_secret=react2' -F 'username=oauthuser' -F 'password=password' -F 'scope=oauth' -X POST http://react1.lndo.site/oauth/token
{"error":"invalid_client","error_description":"Client authentication failed","message":"Client authentication failed"}
I also tried making the request via cURL using a different format and got a different error message:
$ curl -d '{"grant_type":"password", "client_id":"b7958f62-df63-4b95-9a55-20954178d788", "client_secret":"react2", "username":"oauthuser", "password":"password", "scope":"oauth"}' -H "Content-Type: application/x-www-form-urlencoded" -X POST http://react1.lndo.site/oauth/token
{"error":"invalid_grant","error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.","hint":"Check the configuration to see if the grant is enabled.","message":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}
What am I missing here?