Added basic support for oauth2-password-flow

[cwilsn]

Issue #807 - refresh_token is not yet support but basic the basic username/password auth works. Will continue to work on refresh_token as I have time.

[pkerspe]

may I suggest adding the client_secret here as well?
client_secret: encodeURIComponent(clientSecret),

at least it helped me using password flow with my REST API endpoint which requird a secret as well for token generation

[cwilsn]

In my last push I added the client secret to the auth headers for basic auth. I believe Spring Security requires basic auth for getting a token. Does it solve your problem as well @pkerspe or does it need to be a query param?

[pkerspe]

unfortunately cannot confirm that the basic auth header part would be working for me, was trying with your last push, but had to roll back. I am using the shaffer/oauth2-server-php by the way. Grant type is UserCredentials (password).

[cwilsn]

@pkerspe although the client_secret isn't in the spec for attributes in the password flow of oauth I've added it in for you as it won't hurt and it seems that some implementations require it. Hopefully this will work for you now.

[cbornet]

What will happen if you have both "password" and "implicit" or "accessCode" oauth schemes defined ? See #1644

[frol]

I've been using it for a couple of weeks now, and this PR works fine! (However, login/password inputs are not styled/aligned at all, but it is not a big deal for me at this point.)

Anyone can test it using my example RESTful API server: https://github.com/frol/flask-restplus-server-example/

[frol]

This PR is outdated and should be closed as well as mine #1853 since a great refactoring was done in #2014.

[webron]

@pusherman - Definitely should have dealt with it a long time ago, but unfortunately, I didn't. We do appreciate the time you've taken into putting this up, but as you can tell, it is no longer relevant. Thanks again for taking the time and putting in the effort.