Не удается получать аccess token из Symfony

//controller

namespace AppBundle\Controller;
use AppBundle\Entity\ApiUsers;
use FOS\RestBundle\Controller\Annotations as Rest;
use FOS\RestBundle\Controller\FOSRestController;
 use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use FOS\RestBundle\View\View;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
class ApiController extends FOSRestController
{
    /**
     * @Rest\Post("regUser/")
     */
    public function addPostAction(Request $request, 
    UserPasswordEncoderInterface $encoder)
{
    $data = new ApiUsers();
    $username = $request->get('username');
    $email = $request->get('email');
    $password = $request->get('password');
    if(empty($username) || empty($password))
    {
        return new View("NULL VALUES ARE NOT ALLOWED", Response::HTTP_NOT_ACCEPTABLE);
    }
    $data->setUsername($username);
    $data->setPassword($password);
    $data->setEmail($email);
    $em = $this->getDoctrine()->getManager();
    $em->persist($data);
    $em->flush();
    return new View("User Added Successfully", Response::HTTP_OK);
}

}

//seciurity.yml

security:
  encoders:
      FOS\UserBundle\Model\UserInterface: bcrypt
# https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
providers:
    in_memory:
        memory: ~
    fos_userbundle:
        id: fos_user.user_provider.username
firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    oauth_token:                                   # Everyone can access the access token URL.
        pattern: ^/oauth/v2/token
        security: false
    api:
        pattern: ^/api                           # All URLs are protected
        fos_oauth: true                            # OAuth2 protected resource
        stateless: true                            # Do no set session cookies
        anonymous: false                           # An
    main:
        anonymous: ~
        # activate different ways to authenticate
        # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
        #http_basic: ~
        # https://symfony.com/doc/current/security/form_login_setup.html
        #form_login: ~
access_control:
    - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }

////Config.yml

# Nelmio CORS Configuration
 nelmio_cors:
  defaults:
      allow_credentials: false
      allow_origin: ['*']
      allow_headers: ['*']
      allow_methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS']
      max_age: 3600
      hosts: []
      origin_regex: false

# FOSRest Configuration
  fos_rest:
    body_listener: true
    format_listener:
      rules:
      - { path: '^/', priorities: ['json'], fallback_format: json, 
prefer_extension: false }
   param_fetcher_listener: true
  view:
      view_response_listener: 'force'
      formats:
          json: true
fos_user:
  db_driver: orm # other valid values are 'mongodb' and 'couchdb'
  firewall_name: main
  user_class: AppBundle\Entity\ApiUsers
  service:                               # this lines
      mailer: fos_user.mailer.twig_swift # this lines
  from_email:
      address: "xsx"
      sender_name: "sxs"
fos_oauth_server:
    db_driver: orm
    client_class:        AppBundle\Entity\Oauth2Clients
    access_token_class:  AppBundle\Entity\Oauth2AccessTokens
     refresh_token_class: AppBundle\Entity\Oauth2RefreshTokens
     auth_code_class:     AppBundle\Entity\Oauth2AuthCodes
      service:
        user_provider: fos_user.user_provider.username
         options:
            access_token_lifetime: 86400
          refresh_token_lifetime: 1209600
          auth_code_lifetime: 30

//Postman

username poxos22
password 123456
client_id 12_5wzjwogvfa80sww4wo0840wocsoo0gk08cgos0skco48k4g12e
client_secret 2valk06xew8w4gkcswwgkg40cs8kgkkg0ssc4g4k4cgokgsdsc 
grant_type password

//error

{ "error": "invalid_client", "error_description": "The client credentials are invalid" }