Despite mentions in the OTK documentation when looking for the assertion "Retrieve OAuth 2.0 Token" in a standard Gateway/OTK install it cannot be found.
This assertion is installed as part of the Mobile API Gateway (MAG) and with MAG licensing. You will need to install this to make use of the assertion.
You can create an encapsulated assertion to provide similar functionality. Attached is a sample policy provided as a guideline for doing so. The sample uses the client credentials grant type but can be modified to suit your needs.