如何解决 webapi 获取 token 总是返回 invalid_client ？

Question

webapi 获取 token 总是返回 invalid_client ，如下图：

Head 信息：

相关代码：

WebApiConfig.cs

public static void Register(HttpConfiguration config) {
        config.MapHttpAttributeRoutes();

        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional }
        );

        var jsonFormatter = config.Formatters.OfType<JsonMediaTypeFormatter>().First();

        jsonFormatter.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();

    }

Startup.cs

public partial class Startup {
    public void Configuration(IAppBuilder app) {

        var config = new HttpConfiguration();
        ConfigureAuth(app);
        WebApiConfig.Register(config);
        app.UseCors(CorsOptions.AllowAll);
        app.UseWebApi(config);
    }

    public void ConfigureOAuth(IAppBuilder app) {
        OAuthAuthorizationServerOptions option = new OAuthAuthorizationServerOptions() {
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            Provider = new SimpleAuthorizationServerProvider()

        };

        app.UseOAuthAuthorizationServer(option);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}

SimpleAuthorizationServerProvider .cs

public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider {
    public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context) {
        context.Validated();
    }

    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) {
        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

        using (AuthRepository _repo = new AuthRepository()) {
            IdentityUser user = await _repo.FindUser(
                new UserModel() { UserName = context.UserName, Password = context.Password });

            if (user == null) {
                context.SetError("invalid_grant", "The username or password is incorrect");
                return;
            }
        }

        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim("sub", context.UserName));
        identity.AddClaim(new Claim("role", "user"));

        context.Validated(identity);

    }
}

这个问题应该是什么原因引起的？如何解决？