What steps will reproduce the problem?
1. Submit a request with incorrect credentials
What is the expected output?
HTTP status 400 (as per https://www.oauth.com/oauth2-servers/access-tokens/access-token-response/ )
What do you see instead?
HTTP status 200 (with a mangled JSON, see #1501)
What version of the product are you using? On what operating system?