Overreaching part is deploying some anti-user tools that enforce restrictions in your private digital space after you already paid for the product.
Authentication for the purchase itself is fine, it's not any different than you showing your face in a store when you pay, so the seller gives the product to you because it's you paying. I.e. it would be wrong for the seller to give it to someone else instead (unless you ask). That's what authentication is for.
But the seller from the store doesn't send an enforcer along, to make sure you are you even after you already left or to make sure you don't do something else with the product. And it would be even more weird, if that enforcer will accompany you home and will enforce whatever in your private space. And that's exactly what DRM is doing.
The farther you take these analogies with physical goods, the more stretched and strained they get. For example, there's not a lot of intellectual property restrictions on a roll of toilet paper. That's because almost all of the value of a roll of toilet paper is in the actual production of the physical thing.
On the other hand, software is essentially free (as in beer) to copy once it exists. So it makes sense that toilet paper doesn't have enforcers.
You say that authentication is ok because it's for the purpose of ensuring you paid. But that's also the purpose of DRM, which you say is not ok. So there must be more to the reason.
Personally, I don't think DRM is morally wrong in general. If there DRM I object to on a product, I won't buy that product.
I don't see anything stretched in that, especially when DRM proponents very clearly expressed the idea behind it themselves. I already gave you a link above with exact quote. Their idea was to violate users' privacy because "there is simply too much at stake". Something like police state also has "too much at stake" not to use mass surveillance or whatever other overreaching preemptive policing.
Authentication for the purchase itself is fine, it's not any different than you showing your face in a store when you pay, so the seller gives the product to you because it's you paying. I.e. it would be wrong for the seller to give it to someone else instead (unless you ask). That's what authentication is for.
But the seller from the store doesn't send an enforcer along, to make sure you are you even after you already left or to make sure you don't do something else with the product. And it would be even more weird, if that enforcer will accompany you home and will enforce whatever in your private space. And that's exactly what DRM is doing.