Custom login example fails to fetch token

I am attempting to implement custom login in my Spring Boot application, working from the GitHub example code as my primary login method. I added the security config:


There are some issues with the controller code:

public ModelAndView login(HttpServletRequest request,
                          @RequestParam(name = "state", required = false) String state,
                          @RequestParam(name = "nonce") String nonce) throws MalformedURLException

should probably be:

public ModelAndView login(HttpServletRequest request,
                          @RequestParam(name = "state", required = false, defaultValue="xoxoxo") String state,
                          @RequestParam(name = "nonce", required = false) String nonce) throws MalformedURLException 

Having made this change and added my origin to the CORS list for api, I’m able to get to the custom-login page. I enter my username and password, but the flow fails when fetching the token:

{audience}/v1/authorize?client_id={clientID}&code_challenge=JDEX3gfssQVU-y0jBat8HdgpTPAX1H-DabxkQh3s4xw&code_challenge_method=S256&prompt=none&

results in

{"error":"invalid_client","error_description":"Client authentication failed. Either the client or the client credentials are invalid."}

If I remove the loginPage("/custom-login"), the login works. Clearly, some configuration parameter is messed up. Suggestions?

Is that error coming back from the token endpoint, or the authorize endpoint? I’m guessing it’s the token endpoint, from previous experience with similar errors, so there might be an issue with how the client auth was passed along in that request.

Have you tried comparing the raw network calls that the application makes to Okta to see what changes when you remove your loginPage?
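
One way to do the comparison suggested in the reply above, as an added example that is not part of the original thread or of the Okta sample code: it diffs the query parameters of two authorize request URLs copied from the browser's network tab, one from the working flow and one from the failing flow. The function names, host, client IDs and parameter values are hypothetical and the two captures are constructed; values regenerated on every request (`state`, `nonce`, `code_challenge`) are skipped when both requests carry them.

```javascript
// Added example: diff the query parameters of two captured authorize requests.
// Parameters regenerated on every request, so a differing value is expected.
const PER_REQUEST = new Set(["state", "nonce", "code_challenge"]);

function paramMap(rawUrl) {
  const url = new URL(rawUrl);
  const map = new Map();
  for (const [k, v] of url.searchParams) {
    map.set(k, map.has(k) ? map.get(k) + "," + v : v); // keep repeated keys visible
  }
  return { endpoint: url.origin + url.pathname, map };
}

function diffAuthorizeRequests(workingUrl, failingUrl) {
  const a = paramMap(workingUrl);
  const b = paramMap(failingUrl);
  const findings = [];
  if (a.endpoint !== b.endpoint) {
    findings.push({ param: "(endpoint)", kind: "changed", working: a.endpoint, failing: b.endpoint });
  }
  const keys = [...new Set([...a.map.keys(), ...b.map.keys()])].sort();
  for (const key of keys) {
    const w = a.map.get(key);
    const f = b.map.get(key);
    if (w === f) continue;
    // Both present but different: expected for per-request random values.
    if (w !== undefined && f !== undefined && PER_REQUEST.has(key)) continue;
    const kind = w === undefined ? "only-in-failing" : f === undefined ? "only-in-working" : "changed";
    findings.push({ param: key, kind, working: w, failing: f });
  }
  return findings;
}

// Constructed sample captures (hypothetical host, client IDs and values).
const WORKING = "https://idp.example.test/oauth2/default/v1/authorize" +
  "?client_id=CLIENT_A&response_type=code&scope=openid%20profile" +
  "&redirect_uri=https%3A%2F%2Fapp.example.test%2Fcallback&state=s1&nonce=n1";
const FAILING = "https://idp.example.test/oauth2/default/v1/authorize" +
  "?client_id=CLIENT_B&response_type=code&scope=openid%20profile" +
  "&code_challenge=c2&code_challenge_method=S256&prompt=none&state=s2&nonce=n2";

for (const f of diffAuthorizeRequests(WORKING, FAILING)) {
  console.log(`${f.kind.padEnd(16)} ${f.param}: ${f.working ?? "-"} -> ${f.failing ?? "-"}`);
}
```

Run it with Node after replacing the two constructed URLs with the real captures; redact `client_id` and any tokens before sharing the output.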