OptionalclientOptionalclientREQUIRED. The client secret. The client MAY omit the parameter if the client secret is an empty string.
Including the client credentials in the request-body using the two parameters is NOT RECOMMENDED and SHOULD be limited to clients unable to directly utilize the HTTP Basic authentication scheme (or other password-based HTTP authentication schemes). The parameters can only be transmitted in the request-body and MUST NOT be included in the request URI.
Keep it a secret.
OptionalcodeAuthorization code grant. REQUIRED. When grant_type is set to "authorization_code".
OptionalidentityIdentity of the end-User account association. REQUIRED. When grant_type is set to "identity".
OptionalrefreshRefresh token string to obtain NEW access token. REQUIRED. When grant_type is set to "refresh_token".
OptionalscopeOptionalstate
The client identifier issued to the client during the registration process. REQUIRED, if the client is not authenticating with the authorization server. May be transmitted in header: [X-Webitel-Client].