A 401 Unauthorized error in an OAuth 2.0 flow typically indicates an issue with the client's authorization to access the resource. Based on the information provided, here are a few things to check:

* Client Credentials: Double-verify that the client_id and client_secret you are using in your application exactly match the credentials that were generated when you created the OAuth client in Oracle APEX.

* Token URL: Ensure the token URL you are using to request the access token is the correct endpoint provided by your Oracle APEX OAuth 2.0 configuration.

* Grant Type: Confirm that the grant type your application is using to request the token is one of the allowed grant types configured for the OAuth client in Oracle APEX.

* Client Role and Privilege Assignment: You've mentioned creating a custom role and privilege and assigning them to the module and the OAuth client. Ensure that the privilege (client_auth_custom) is correctly associated with the specific resource you are trying to access with the obtained token.

* Firewall/Network Issues: While less likely for a 401, ensure there are no network connectivity issues preventing your application from reaching the token URL or the protected resource endpoint.

* Server Logs: If possible, check the Oracle APEX server logs for more detailed error messages related to the OAuth 2.0 flow.