...
client_assertion A base64 encoded JWT signed with your private key, and constructed as specified in https://datatracker.ietf.org/doc/html/rfc7523#section-2.2.
client_secret client secret either in the post body, or as a basic authentication header. Optional. NOT SUPPORTED IN PRODUCTION. client_assertion and client_assertion_type should be used in all normal cases.
grant_type
authorization_code, client_credentials, refresh_token or urn:ietf:params:oauth:grant-type:token-exchange
...