This error can occur for several reasons:
1. When generating an access token you have not specified the correct content type. Be sure that a content-type header is included with the value of: application/x-www-form-urlencoded
2. In OTK 3.5 & 3.6 the value of the variable 'otk_session_secret_encryption' is set with an incorrect number of bits. This value can be changed in 'OTK Authorization Server Configuration' and must be exactly 256 bits in length.
Typically, customers use www.uuidgenerator.net to generate this unique value. However, when doing so the value generated is 288 bits and the size must be reduced.
3. If you have integrated the OTK with the Developer Portal clients are no longer managed via the OAuth manager and must be instead managed in Portal.
In the case the Portal integration is not required you can revert the OTK Client DB Get policy to the Out of Box version and remove the integration.