Hello @Navneet ,
Apologize for delayed response. I just wanted to see if you're still having issues, because it's been a while since your original post date.
I would recommend you to use Content-Type = application/x-www-form-urlencoded
so that if there any special character in secret which won't be modifying during HTTP call also wondering were you able to use same in different tool like POSTMAN to testing authentication?
Hope this helps.
------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.