400 "invalid client" response in Oauth Credentials Flow

Oh well that would explain it!

I tried looking for that kind of information about what authorization was required for each type of scope, but I couldn’t find it. Do you know where it is located?