invalid_client error when using service account + domain wide delegation to authenticate with Google Ads API

I am trying to authenticate into Google Ads using the following API client for c# https://github.com/googleads/googleads-dotnet-lib. I am trying to authenticate using a service account + gsuite domain wide delegation. I have performed all of the steps in this documentation but am receiving an invalid_client error from Google. Below is the code I am running.

GoogleAdsClient client = new GoogleAdsClient();
client.Config.OAuth2Mode = OAuth2Flow.SERVICE_ACCOUNT;
client.Config.OAuth2PrnEmail = "useremail@gsuite.com";
client.Config.OAuth2SecretsJsonPath = HostingEnvironment.MapPath("~/service-account-keys-downloaded-from-gcp.json");
var svc = client.GetService(Services.V2.CustomerService);
var accounts = svc.ListAccessibleCustomers();

The code is supposed to authenticate on behalf of a user in a gsuite organization and list all of the accounts the user has access to. When I run the above code I get the following error.

Status(StatusCode=Unavailable, Detail="Getting metadata from plugin
failed with error: Exception occurred in metadata credentials plugin.
Google.Apis.Auth.OAuth2.Responses.TokenResponseException:
Error:"invalid_client", Description:"The OAuth client was not found.", Uri:""

It seems that no matter what email I try to authenticate with I still get the same error which makes me think that there is a fundamental issue with how I am trying to authenticate.

All of the necessary fields seem to map properly into the GoogleAdsClient Config except for the client secret. I am unable to pass a client secret into the request because the service account client (auto created when enabling domain wide delegation on a service account in GCP) does not come furnished with a client secret. The docs that I have mentioned don't seem to specify how you would obtain a client secret when authenticating with a Google service account, however this seems necessary.