PoC support for Resource Owner Password Credential Flow

Hello,

I need support for Resource Owner Password Credential Flow (https://www.rfc-editor.org/rfc/rfc6749#section-4.3). oidc-client-ts does not support it… but the changes needed to support it are very small.

I have made it in my OIDC playground, but I have needed to duplicate some classes in my project because they are @internal and cannot be used/extended in client projects. It would be much easier if this support was directly provided by oidc-client-ts. Watch my PoC at https://gitlab.com/javier-sedano/oidc-vue/-/tree/master/src/oidc-client-ts and deployed to “production” at https://jsedano.duckdns.org/oidc-vue/ .

My questions:

• Are you guys open to receiving such a contribution?
• How? Fork + PR?

BTW, I know that Resource Owner Password Credential Flow is only secure if the Client Application is fully trusted not to keep the credentials… but in scenarios where the IdP and the Client Application are owned by the same entity (which is my case) it is acceptable (for example, read https://www.rfc-editor.org/rfc/rfc6749#section-1.3.3 or https://auth0.com/docs/get-started/authentication-and-authorization-flow/resource-owner-password-flow). So I would add the appropriate warning to the readme.