I was hoping someone else can respond but I have a vague recollection that this is because you haven’t used the proper credentials or set up the details correctly.
Check you have the correct setup in the Application side of things in the API Gateway including following the details on this page:
Esp this part for setting up the Application
Callback/Redirect URL - Provide the Callback/Redirect URL for your application (e.g. https://developer.transport.nsw.gov.au/admin/oauthCallback)
Scope = user
Type = Confidential
Or… there was a previous thread about a 500 response. Not sure if these solutions help at all?