Authorisation docs are incorrect

In the docs its gives an example request to gain an authorisation token. It specified a content-type of json and then the example content is for content type of application/x-www-form-urlencoded. The docs also say to pass the clientid and secret as basic auth parameters which does work but putting them as form parameters does.
After getting all that right if you make a consecutive request the second one fails with
and requires approving the app again to get a new code.
Bit flaky?
Any chance the docs could be sorted out if there is a means to use json and basic auth, and allow more than a single request to get an authorisation token?

For reference, application/json does work and requires the client_id and client_secret be passed in the json or the Authorisation header (along with the other fields of code, redirect_uri and grant_type.