Also, contrary to our documentation, you do need to supply your
redirect_uri. This paramter used to be optional but we made it compulsory a few years ago to mitigate against potential man in the middle attacks. I’ll get that documentation updated now.
Just to confirm, the our OAuth documentation has now been updated. Thanks for flagging this issue, Praveen!
redirect_uri(required) must be url escaped and match with a redirect_uri registered in your Developer Dashboard account.