Per my research, It looks like either the username or password passed in the credentials are incorrect. As you are getting token, after decoding it check the audience is valid, and see if it is either clientId or appId uri.
Here is a similar issue with yours, please make a refernece
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.