The
password grant is generally not recommended over the authorization_code or client_credentials grant types, but
sometimes is the only option when interacting with a system which is outside of your control. This is implemented
similarly to the client_credentials grant, but instead of authenticating as a standalone client to the application,
you authenticate using a real user’s username and password.