I've been struggling over the past couple of days to wrap my head around something. I have worked with OAuth2 servers before and am familiar with all the spec grant types. But I'm working on an application where I want to use an OpenID service for user authentication to my OAuth2 server.
But the issue is I want an implicit trust with my application and my server, so somewhat like the resource owner password grant. But the issue is im not authenticating with a password I'm authenticating with OpenID provider.
So would I be stuck basically making a custom grant type to deal with this? Is there any future plans to implement such grant type in the spec? Any advice would be really appreciated as I cannot find any relevant information after searching long and hard.
Thanks