Slack says as below.(https://api.slack.com/methods/oauth.v2.access)
If at all possible, avoid sending client_id and client_secret as parameters in your request.
But if I remove client_id or client_secret I got invalid_client_id or bad_client_secret. How can I resolve it?
I realized it by using the HTTP basic authentication. (I set the client_id and client_secret in the url like http://{client_id}:{client_secret}@...)