Using Caché OAuth 2.0 authorization server with password grant
I'm using Caché as an OAuth authorization server and I want to accept the password credentials grant type. I've found that if I make an authorize request, the Caché authorization server requires some URL parameters that shouldn't be required in password grant (redirect_uri, state, scope, and response_type). If I include these parameters, it calls my DirectLogin() method instead of just calling ValidateUser() as I would expect from the docs. I have two questions:
1. Why does the authorize request fail without these additional parameters?
2. If I'm using DirectLogin, do I need to customize my method to handle password grant?
For reference, here's the authorize request I'm making:
POST /oauth2/authorize
Content-type: application/x-www-form-urlencoded
Content-type: application/x-www-form-urlencoded
grant_type=password
username=pravin
password=1234
client_id=xxxxxx
client_secret=xxxxxx
redirect_uri=xxxxxx
response_type=token
state=1234
scope=profile
username=pravin
password=1234
client_id=xxxxxx
client_secret=xxxxxx
redirect_uri=xxxxxx
response_type=token
state=1234
scope=profile