This is a pretty common issue that comes up. One downloads the UCWA sample and sets it up. However when they go to sign in, they fail each time with an error "Login failed."
If you check the HTTP response you'll see:
HTTP/1.1 400 Bad Request
X-Ms-diagnostics: 28020;source="Director.NNY.local";reason="No valid security token."
At its core, invalid_grant simply means you were unable to be authorized. Possibly bad credentials, or some other reason. (See http://ucwa.lync.com/documentation/GettingStarted-Authentication)
However in this case people will swear they are putting in the correct information.
The reason for this failure is actually pretty simple, but due to the design of the sample it is not always the first thought that comes to mind. The sample only includes a field for your Sign-in address and password, but no username. It makes an assumption that the users SIP sign-in address will be the same as their UPN. If this is not valid for the environment the sample is running in, then there is effectively no way to sign into the sample without making some changes.
The simplest solution is to just add a 3rd text box to allow a username to be entered separately from the sign-in address:
Attached are some changed sample files that can be used to achieve this.