RFC: https://datatracker.ietf.org/doc/html/rfc6749

Authorization code

Parameter Description
grant_type The type of grant requested (e.g., “authorization_code”, “password”, “client_credentials”).
redirect_uri The redirection URI to which the authorization server will send the user-agent after the user grants/denies consent.
code The authorization code received from the authorization server (for the “authorization_code” grant type).

Refresh token

client_id The unique identifier of the client making the request.
client_secret The secret key or password associated with the client, used for client authentication.
username The resource owner’s username (for the “password” grant type).
password The resource owner’s password (for the “password” grant type).
scope The scope of access requested by the client. Specifies what resources the client intends to access.
refresh_token A refresh token used to obtain a new access token when the original access token expires (for grant types that support refresh tokens).

Other grants