A third party software company is attempting to authenticate to Standard ERP using OAuth2, but gets an error. They are set up in SERP, with REST API access, and they have the developer credentials, in which their redirect URL is specified. The error they're getting is:

{"type":https://tools.ietf.org/html/rfc7231#section-6.5.1,"title":"One or more validation errors occurred.","status":400,"traceId":"00-5b91718112e3b5458ed1b5930352eeae-ae47b096640e5546-00","errors":{"code":["Must not be null or empty"]}}

If I set up developer credentials with a different redirect URL, for example the web port of the SERP server, I can get an access token using SoapUI and their Standard ID. If I send this access token to them, they can use it and get the data. However, they need to be able to get the access token themselves. Does anyone know what the problem might be?