Hey there Willem! I see that you have a support ticket and are currently working towards resolving the issue but I wanted to share the information here in case others experience the same issue.
As mentioned, You should never visit /login directly. You need to instead make a call to the authentication API using the appropriate grant.
- Standard web applications should use the authorization code grant.
- Single page applications should use the implicit grant.
- Mobile applications should use the authorization code grant with PKCE.
- Non-interactive applications (i.e., those that don’t have end users) should use the client credentials grant.
Each of the articles above explains the relevant grant. At the bottom of each page there will be a link to an article that shows you how to implement it and provides details on the call you should make to the authentication API (via /authorize ).
If I can be further help please let me know!