As per RFC 6749 section 4.1, the authorization code grant lets the client obtain an access token through a browser redirect.
See https://spec.matrix.org/v1.18/client-server-api/#authorization-code-grant
As per RFC 8628, the device authorization grant lets clients on devices with limited input capabilities obtain an access token by having the user complete authorization on a separate device with a web browser.
See https://spec.matrix.org/v1.18/client-server-api/#device-authorization-grant
As per RFC 6749 section 6, the refresh token grant lets the client exchange a refresh token for an access token.
https://spec.matrix.org/v1.18/client-server-api/#refresh-token-grant
The OAuth 2.0 grant types that are defined for Matrix in https://spec.matrix.org/v1.17/client-server-api/#grant-types