When we make a call to the /openid/connect/v1/userinfo endpoint using to get the token through the "Password Credentials" stream, but the userinfo cannot be consumed
since it displays an expired claim token error
is the password credential flow compatible with openid?
It is possible to customize the userinfo endpoint so that it returns the user data using the password credentials flow.
Note: When using the authorization code flow it works correctly
Release : 10.0, 10.1
Component : OTK
"Password Credentials" grant_type will not work with openid (not compatible) .
According to specifications it will possible only using grant_type authorization_code" or "implicit"
ref:
https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
grant_types_supportedOPTIONAL. JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports.
Dynamic OpenID Providers MUST support the authorization_code and implicit Grant Type values and MAY support other Grant Types.
If omitted, the default value is ["authorization_code", "implicit"].
note: customize to use oob on the policy instead of openid is not recommended because is not using the openid scope specifications as expected to be used.