Hey, even I had the same issue.
Check your Connected App settings which are under Selected OAuth Scopes, you may require to change the selected permissions. My app originally uses Chatter, so I had to add both of these:
- Access and manage your Chatter feed (
- Perform requests on your behalf at any time (
Again, your mileage may differ but try various combinations of permissions based on what your Application does/needs.
Additionally, the actual
invalid_grant the error seems to occur due to IP restrictions. Assure that the server's IP address that is operating the OAuth authentication code is allowed. I figured out that if the SFDC environment has IP restriction setting Enforce IP restrictions set (Setup -> Administer -> Manage Apps -> Connected Apps), then each User Profile needs to have an allowed IP addresses as well.