How to get access token with grant_type authorization_code?

Hi all
I use Keycloak to secure my apps and I have wrote a bash script, that makes an access token request via curl to the Keycloak server as follows:


export KC_REALM=databaker
export KC_PASSWORD=databaker
export KC_CLIENT=account
export KC_SERVER=localhost:8080
export KC_CONTEXT=auth
export KC_CLIENT_SECRET=9aac2131-1316-4d72-8f32-9d65cdc23a17

# Request Tokens for credentials
export KC_URL=http://$KC_SERVER/$KC_CONTEXT/realms/$KC_REALM/protocol/openid-connect/token
echo "URL => $KC_URL"

export KC_RESPONSE=$(
        curl -X POST \
        -H "content-type: application/x-www-form-urlencoded" \
        -d "username=$KC_USERNAME" \
        -d "password=$KC_PASSWORD" \
        -d "grant_type=authorization_code" \
        -d "client_id=$KC_CLIENT" \
        -d "client_secret=$KC_CLIENT_SECRET" \
        $KC_URL |
        jq .


if grep -q "error" <<< "$KC_RESPONSE"; then
  echo "++++++++Error+++++++++"
  exit 1

export KC_ACCESS_TOKEN=$(echo $KC_RESPONSE | jq -r .access_token)

export SVC=http://localhost:9090/genders
export SVC_RES=$(curl \
        -H "Authorization: Bearer $KC_ACCESS_TOKEN" \
        -H "Accept: application/json" \
        $SVC |
        jq .)
echo $SVC_RES

Unfortunately, I do not receive any access token. The Keycloak responses with:

  "error": "invalid_client",
  "error_description": "Parameter client_assertion_type is missing"

The client account is configured as follows:

The Keycloak OIDC JSON:

  "realm": "databaker",
  "auth-server-url": "http://localhost:8080/auth/",
  "ssl-required": "external",
  "resource": "account",
  "verify-token-audience": true,
  "credentials": {
    "secret-jwt": {
      "secret": "9aac2131-1316-4d72-8f32-9d65cdc23a17"
  "use-resource-role-mappings": true,
  "confidential-port": 0

What am I doing wrong?