Since the default export of oauth has been removed, all the parameters must be passed to clientCredentials. But if client_id or client_secret is undefined, it is passed as a stringified "undefined" in the request, which fails it.

Undefined params should be stripped before sending the request.