To obtain an Access Token, an ID Token, and optionally a Refresh Token, the RP (Client) sends a Token Request to the Token Endpoint to obtain a Token Response.
TOKEN REQUEST
A Client makes a Token Request by presenting its Authorization Grant (in the form of an Authorization Code) to the Token Endpoint using the “grant_type” value authorization code.
If the Client is a Confidential Client, then it must authenticate to the Token Endpoint using the authentication method registered for its “client_id”.
All the clients will use secret key, and the way to introduce in header is:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
[To receive authorization, the code of this parameter is implemented with the client_id and password, separated by a single colon (":") character, within a base64 encoded string in the credentials].
[authorization_code] -> receives the access token
[refresh_token] -> receives the access token
OpenIDspecreference: https://openid.net/specs/openid-connect-core-1_0.html#TokenRequest