The grant type.

A space-delimited list of scopes that are associated with generated access token.

The authorization code. It is only required for "authorization_code" grant types.

The code verifier. This is used to verify the code challenge that was sent at the authorize endpoint. Required if the OIDC client is configured to require proof key for code exchange (PKCE)

The redirect URI. It is only required for "authorization_code" grant types.

The refresh token. It is only required for "refresh_token" grant types.

The user credential of resource owner. It is only required for "password" grant types.

The password credential of resource owner. It is only required for "password" grant types.

The token identifying the subject for a token exchange flow.

The token type of the subject_token.

The token identifying the acting party in a token exchange flow.

The token type of the actor_token.

The type of token that should be returned as part of the token exchange flow.

The OIDC client ID that is required when the basic authorization header is not set.

The OIDC client secret that is required when the basic authorization header is not set and the client is not a public client.

The JWT assertion being used to authenticate the client.

The format of client assertion.

The basic authorization header that contains a base64-encoded client ID and the client secret. Use this header as an alternative to sending the client ID and secret in the form parameters.