Trying to access the Open API against my hardware OC200 controller, but always get a Client/Secret invalid error.

Following instructions here https://use1-omada-northbound.tplinkcloud.com/doc.html#/home  

Tried the Access Token method

1. call to /authorize/login works, so the CLIENT ID and OMADAC ID must be correct
2. call to /authorize/code works, and get the authCode, and again CLIENT ID and OMADAC ID must be correct
3. call to /authorize/token fails, sending the CLIENT SECRET and authCode, and get 'The Client Id Or Client Secret is Invalid'
   • The Client Secret is copy-pasted from the Controller Application Integration page for an application with the Access Token mode

Tried the Client method

• call to /authorize/token
  • The Client Secret is copy-pasted from the Controller Application Integration page for an application with the Client mode
  • curl "https://xxxx:443/openapi/authorize/token?grant_type=client_credentials" -H 'content-type:application/json' -d '{"omadacId": "xxxx", "client_id": "xxxx", "client_secret": "xxxx"}' -X POST -i -k --insecure
  • Always get 'The Client Id Or Client Secret is Invalid'

So it looks like both methods always fail for the same reason. As the Access Token validates and uses the Controller Id and Client Id in the first 2 steps, I'm guessing there is something wrong with the Client Secret given on the Controller Application Integration page. 

Or is there something else I need to do in order to enable Open API access?