This would indicate the client secret is invalid and not correctly copy/pasted from the dev console.
But generally that would prevent you generating a user token with a refresh token in the first place.
So check everything is set correctly and the right values being used.