Angular-oauth2-oidc: Implementing client_credentials grant_type

Created on 19 Nov 2019 · 2 comments · Source: manfredsteyer/angular-oauth2-oidc

I have to use the explicit grant_type=client_credentials to use my oauth2 server.

Would it be possible for you to add management of that grant_type as a new feature, so that I don't have to do it myself in a separate service of my own in my app?

feature-request

All 2 comments

Don't think that makes much sense. The client_credentials grant is meant for _server to server_ communication, not for (Angular) SPAs. The main reason is that the client_secret is _super_ important in that flow, and you have no way to keep that secret in an SPA.

Think of it this way: you could _emulate_ said grant by just using the (also legacy, but supported) Resource Owner / Password flow in this library, and _hardcode_ the username and password in your Angular source code. You'd get a similar effect, and similar security problems (anyone can open up your source code and read your password/secret).

If you want to use client_credentials in a SPA _just for a quick demo_ and not bother with the more complicated flows, you could just use the following _very very very unsafe snippet_:

const client = "yourclient";
const secret = "yoursecret"; // unsafe in a JS application!!!
let token = null;
fetch("https://demo.identityserver.io/connect/token", {
    method: "POST",
    headers: { 'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8' },
    body: `grant_type=client_credentials&client_id=${client}&client_secret=${secret}`
})
    .then(data => data.json())
    .then(obj => {
        token = obj.access_token;
    });

Anyways, to reiterate: I appreciate the feature request, but suggest we do not add the feature to this library.
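The server-side counterpart of the snippet above, as an added example that is not part of the comment or of angular-oauth2-oidc: a small Node class that performs the client_credentials grant where the comment says it belongs, in a backend the SPA calls, so the secret stays in the server's environment and never ships in the Angular bundle. It authenticates with HTTP Basic instead of putting client_secret in the form body, validates the token response and caches the token until shortly before expires_in. ClientCredentialsClient, fetchImpl and now are assumed names, not library API.

```javascript
// Added example (not from angular-oauth2-oidc or the comment above): the
// client_credentials grant performed in a server-side Node process. The SPA
// calls this backend; the secret lives only in the server's environment.
// ClientCredentialsClient, fetchImpl and now are assumed names, not library API.
class ClientCredentialsClient {
  constructor({ tokenEndpoint, clientId, clientSecret, fetchImpl = globalThis.fetch, now = Date.now }) {
    Object.assign(this, { tokenEndpoint, clientId, clientSecret, fetchImpl, now });
    this.cached = null; // { accessToken, expiresAt } with expiresAt in ms since epoch
  }

  // RFC 6749 section 2.3.1: a confidential client authenticates with HTTP Basic,
  // so client_secret never appears in the form body; the body carries only the grant.
  buildRequest(scope) {
    const creds = `${encodeURIComponent(this.clientId)}:${encodeURIComponent(this.clientSecret)}`;
    const params = new URLSearchParams({ grant_type: "client_credentials" });
    if (scope) params.set("scope", scope);
    return {
      method: "POST",
      headers: {
        Authorization: `Basic ${Buffer.from(creds).toString("base64")}`,
        "Content-Type": "application/x-www-form-urlencoded",
      },
      body: params.toString(),
    };
  }

  // Reuse a cached token only while it has more than marginSeconds of life left.
  cachedToken(marginSeconds = 30) {
    if (!this.cached || this.cached.expiresAt - marginSeconds * 1000 <= this.now()) return null;
    return this.cached.accessToken;
  }

  // Validate a token response (RFC 6749 section 5.1) and cache it; a missing or
  // non-numeric expires_in is treated as "do not reuse".
  storeToken(body) {
    if (!body || typeof body.access_token !== "string") throw new Error("no access_token in response");
    const ttl = Number(body.expires_in);
    this.cached = { accessToken: body.access_token, expiresAt: this.now() + (Number.isFinite(ttl) ? ttl : 0) * 1000 };
    return this.cached.accessToken;
  }

  async getAccessToken(scope) {
    const hit = this.cachedToken();
    if (hit) return hit;
    const res = await this.fetchImpl(this.tokenEndpoint, this.buildRequest(scope));
    if (!res.ok) throw new Error(`token endpoint returned HTTP ${res.status}`);
    return this.storeToken(await res.json());
  }
}
```

On the server, construct it with `clientSecret: process.env.CLIENT_SECRET` and expose only the resulting access token (or, better, the proxied API call) to the SPA.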

Thanks again for suggesting the feature, but I feel the consensus is not to add it to the library. Hopefully my above snippets helped you out for any specific scenario you may have had.
