I'm using Caché as an OAuth authorization server and I want to accept the password credentials grant type. I've found that if I make an authorize request, the Caché authorization server requires some URL parameters that shouldn't be required in password grant (redirect_uri, state, scope, and response_type). If I include these parameters, it calls my DirectLogin() method instead of just calling ValidateUser() as I would expect from the docs. I have two questions:
1. Why does the authorize request fail without these additional parameters?
2. If I'm using DirectLogin, do I need to customize my method to handle password grant?
For reference, here's the authorize request I'm making: