PasswordGrant is not sent correctly #980

Closed
albrechtflo-hg opened this issue Apr 8, 2022 · 1 comment

albrechtflo-hg commented Apr 8, 2022

Expected Behavior

I still want to use the Resource Owner Password Credentials Flow with an HttpClient and OAuth2. The request to retrieve the token shall be sent correctly to the token endpoint.

Actual Behaviour

The request is sent incomplete to the token endpoint - client_id and client_secret are missing. Most likely, this is caused by a wrong Grant object set as the body of the request, as this method returns a Map instead of a SecureGrant:

https://github.com/micronaut-projects/micronaut-security/blob/v3.4.1/security-oauth2/src/main/java/io/micronaut/security/oauth2/endpoint/token/request/context/OauthPasswordTokenRequestContext.java#L54

So, the call in secureRequest fails, as the instanceof condition is not met, so client_id and client_secret are not set on the body:
https://github.com/micronaut-projects/micronaut-security/blob/v3.4.1/security-oauth2/src/main/java/io/micronaut/security/oauth2/endpoint/token/request/DefaultTokenEndpointClient.java#L116

Steps To Reproduce

Try to access a REST API which requires an Authorization token which you can retrieve via a ROPC flow. Example configuration can be found in #979.

Environment Information

Tested with 3.3.0, as 3.4.1 has #979, which blocks me from using it, but according to the code, it seems to have the same issue.

Example Application

No response

Version

3.3.0

@albrechtflo-hg
Author

Closing for being invalid - the Map indeed implements the SecureGrant interface; auth-method was missing in token endpoint configuration.
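
The symptom and the resolution in this thread both turn on how the client authenticates to the token endpoint. As an added example (not code from the issue or from micronaut-security), the Python below builds an RFC 6749 password-grant request under `client_secret_post` and `client_secret_basic` and classifies which method a captured request carries; the function names, the sample credentials and the `None` case modelling a missing auth method are assumptions.

```python
import base64
from urllib.parse import parse_qs, quote_plus, urlencode

def build_password_grant(username, password, client_id, client_secret, auth_method):
    """Return (headers, body) for an RFC 6749 section 4.3 token request."""
    form = {"grant_type": "password", "username": username, "password": password}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if auth_method == "client_secret_post":
        # Client credentials travel as form parameters in the body.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    elif auth_method == "client_secret_basic":
        # Client credentials travel in the Authorization header instead;
        # RFC 6749 section 2.3.1 form-encodes each part before base64.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif auth_method is not None:
        raise ValueError(f"unsupported auth method: {auth_method}")
    # auth_method=None (assumption) models the symptom in this issue:
    # no method configured, so no client credentials are attached.
    return headers, urlencode(form)

def client_auth_used(headers, body):
    """Classify the client authentication a captured token request carries."""
    fields = parse_qs(body)
    in_body = "client_id" in fields and "client_secret" in fields
    in_header = headers.get("Authorization", "").startswith("Basic ")
    if in_body and in_header:
        return "both"  # RFC 6749 section 2.3 forbids more than one method
    if in_body:
        return "client_secret_post"
    if in_header:
        return "client_secret_basic"
    return "none"

if __name__ == "__main__":
    # Constructed sample values, not taken from the issue.
    for method in ("client_secret_post", "client_secret_basic", None):
        headers, body = build_password_grant(
            "alice", "constructed-password", "demo-client", "constructed-secret", method)
        print(method, "->", client_auth_used(headers, body))
```

Running `client_auth_used` over a logged token request is a quick way to tell a missing auth method apart from wrong credentials before suspecting the grant object itself.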
