[BUG] Incorrect parameters sent to /oauth/token #1442

@ThisIsMissEm

Description

Is there an existing issue for this?

  • I have searched the issues (both open and closed)

Current Behavior

In the AccessTokenQuery, for exchanging an authorization code for an access token, you're currently sending a scope parameter, which has zero effect, but may break against some servers (we discovered this with Hollo 0.6.0).

You likely want to have a ClientCredentialsQuery which does set scope and client_id / client_secret, but does not set redirect_uri nor code.

This would also allow you to more easily implement PKCE to protect the code in the authorization code grant flow, and support for that can be discovered via the OAuth Authorization Server metadata endpoint via the code_challenge_methods_supported property.

This metadata will also be used to discover if a server supports the future OAuth features that I'm working on in mastodon/mastodon#34316

Expected Behavior

Correct parameters are passed to the /oauth/token endpoint based on the grant type being used.

Steps To Reproduce

If you want to reproduce an error case for this, you can by using Hollo 0.6.0 — these parameters are currently accepted in Doorkeeper (which backs Mastodon), but that's a potential bug with Doorkeeper; they actually have no effect.

Environment

Problem exists in code on the `develop` branch.

Anything else?

No response
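As an added illustration (not code from this project or the issue author), the following shows a client-side builder that sends only the fields each grant type defines to /oauth/token, rejects `scope` on the authorization-code exchange, and derives an S256 PKCE pair plus a metadata check for `code_challenge_methods_supported`. Function and parameter names are assumptions; the client secret is sent in the form body, which is one of the methods RFC 6749 allows for confidential clients.

```python
import base64
import hashlib
import secrets


def make_pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) for the S256 method of RFC 7636."""
    if verifier is None:
        # token_urlsafe yields only unreserved characters; 64 bytes -> 86 chars (43..128 allowed)
        verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    # base64url without padding, as the spec requires
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def supports_s256(server_metadata):
    """True if the authorization server metadata document advertises S256 PKCE."""
    return "S256" in server_metadata.get("code_challenge_methods_supported", [])


def token_request_params(grant_type, client_id, client_secret, *, code=None,
                         redirect_uri=None, code_verifier=None, scope=None):
    """Build the form body for /oauth/token, sending only what the grant defines."""
    params = {"grant_type": grant_type, "client_id": client_id, "client_secret": client_secret}
    if grant_type == "authorization_code":
        if not code or not redirect_uri:
            raise ValueError("authorization_code requires code and redirect_uri")
        if scope is not None:
            # scope was fixed at the authorization request; resending it is the bug described above
            raise ValueError("scope is not a token-request parameter for authorization_code")
        params.update(code=code, redirect_uri=redirect_uri)
        if code_verifier:
            params["code_verifier"] = code_verifier
    elif grant_type == "client_credentials":
        if code or redirect_uri or code_verifier:
            raise ValueError("client_credentials does not take code, redirect_uri or code_verifier")
        if scope:
            params["scope"] = scope
    else:
        raise ValueError(f"unsupported grant_type: {grant_type}")
    return params
```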
