Hello!
The invalid_grant error is documented in the oauth2 specification (which Auth0 follows): RFC 6749 - The OAuth 2.0 Authorization Framework
invalid_grant
The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
Because you’re using the resource owner password grant, most likely this error means your username and password are invalid. If you check the error description you receive back with the error code, it should clarify for you what is going wrong.