So... I went through your bizzare auth ritual, got a code and then tried to get an auth token (**this seems over-engineered as fuck, I mean, a simple auth credentials header will do, it's not a stock broker or bankl it's just some administrative data).
In any case, I get the following error:
{'error': 'invalid_client', 'error_description': 'Client not found: APP-U882IK1MFODAH9RV'}
Which is rather disconcerting and unhelpful, since I do indeed have an app with the client_id "APP-U882IK1MFODAH9RV" (not sure how I can post a public link to it, but I've triple checked, it's there and the https://orcid.org/oauth/authorize call to get a code works just fine)
How does one go about debugging such a thing ?