I am experiencing something similar. Although, for me, I CAN log in with an app-token, tested with both the ‘Nextcloud’ and the ‘Nextcloud Talk’ iPhone apps, but normal username/password login still gives ‘Access Forbidden - Invalid Request’.
My research has produced these two links, but neither seems to supply a working fix of any kind:
I also looked through the code quickly and found that the error is likely generated in ./core/Controller/ClientFlowLoginController.php - The comment for this section of code has the following ‘No valid clientIdentifier given and no valid API Request (APIRequest header not set)’.
I have thought of headers, tokens, security-transport settings but really nothing I have tried has made any difference. The logs are also offering nothing very concrete - in fact, it almost looks like the process goes according to plan - except for one thing maybe:
There are 2 redirect GET entries with the clientIdentifier string. The first one produces an HTTP/1.1" 301 and the second one an HTTP/2.0" 303.
It may be expected behavior but it’s all that I have to go on.
Anybody have any suggestions?