I had started to implement the JWT Authorization Grant here but
forgot to back out those changes before I committed to just refactoring
the existing method. This was premature and also plain wrong in the
sense that the parameters were not being passed ('params' is the key
for sending GET parameters, not 'data' -- 'data' would be a separate
argument for POST).