wrong grant_type when using username/password in authorize

When you call authorize with a username and password, the code does:

$data->{grant_type} = 'password';

however it should be:

$data->{grant_type} = 'client_credentials';

or you get a 400 Bad Request from the API