Welcome to the SmartThings Community, @StevenReiss!
So, when you select the ST Schema in “my testing devices”, the app redirects you correctly to the URL you defined as “Authorization URI” in the Developer Workspace (Device Cloud Credentials) which in your case is https://sherpa.cs.brown.edu:3336/oauth/authorize, correct?
After you login with a valid user, do you receive a request in the “Token URI” (https://sherpa.cs.brown.edu:3336/oauth/token)? This is when SmartThings requests an Access Token from your cloud
Please, check this sample where an OAuth server is included for testing purposes and you will be able to see its behavior during the authentication process:
This is weird…have you checked if you’re not getting an error like “Forbidden - failed verifySignature”?