This flow requires the Resource Owner to fully trust the Client with their credentials to the Authorization Server.
It was designed for use-cases when redirect-based flows cannot be used
Its use is not recommended.
Instead of redirecting the Resource Owner to the Authorization Server, the user credentials are sent to the Client application, which then forwards them to the Authorization Server.
