Reading Avik Ganguly comment in
FINERACT-629 that "the spring oauth changes we did broke Oauth", and a number of (failed, uncompleted, abandoned) PRs by Saransh Sharma related to FINERACT-1012 and FINERACT-1057 gives me the impression that Fineract's OAuth support feature may actually currently be broken.
Let's use this issue for someone to investigate and propose a PR to fix Fineract's OAuth support. I see this as a separate issue from FINERACT-1012. It would be "fair game", IMHO, to propose to just e.g. revert whatever is known to have broken it (if someone knows what that is - I personally do not) - and then deal separate and later with respective 3rd party upgrades, or whatever.
If it's not broken and works on develop (and thus 1.4.0) as-is, then this issue should be closed.