OAuth: Grant type check

I noticed that a client without authorization_code grant is able to make use of this grant and have users login to Genesys. This should not be allowed.

Similarly, clients with only client_credentials should only be able to authenticate with that flow, clients without client_credentials should be prevented from authenticating as clients.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information