When we use hashed secret method for Application Shared Secret Security, we have faced an interesting case detailed below: 

If the “Add Application Request Workflow” is disabled, there is no problem to get a Oauth token while using hashed secret method
If the “Add Application Request Workflow” is enabled, after the admin approve, developer could not get a token in no way. 

Error log: error: invalid_request, error_description: given client_secret is wrong or a confidential client did not provide a secret, given secret: ‘123456', client_type: 'confidential'

Release : 5.0.2

Component : API PORTAL

This will be resolved in portal 5.1.2 which is expected to be available in October.