This is wrong, you are sending your client secret as an oAuth, these are two separate things
You use your ClientID + ClientSecret to generate a token and you use that token.
You probably want the App Access Token flow to generate a server to server token