IIRC the Resource Owner Password grant method does not work for federated users. As your sandbox user is federated this might be the cause for your error.
Generally, I would recommend to use the Authorization Code Grant method, as it does not require the user to share their credentials with your app.
While the Resource Owner Password approach is valid, it is not as widely used as the Auth Code approach. The OAuth documentation also recommends to only use it if you can fully trust the device the request is made from, which is really only valid for server to server applications (if at all).
1 person found this helpful
Auth Code Grant will work with federated users in any case. The only restriction is that the Authorization dialog is not mobile friendly.