Thanks for the support! Just to add some more information, I'm using the [oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxyhttp://) reverse proxy to test this as an oauth2 client.
I also disabled the length check for `x` and got the same error for `y` too.
When disabling length checks for `x` and `y` in the client source, the workflow works fine (but this is really a bad workaround for me).
Let me know if I can help in any other way.