Secure Spring Boot Login Options

Brian Demers

The Password Grant is scheduled to be removed in OAuth 2.1 (draft). There are more secure options that exist today.

Sounds like a typical CRUD, and we have a bunch of examples on our blog 🙂

There are a few ways to do this, but essentially you have your user log in (i.e. redirect to a login page). If your application is a SPA, the front end gets an access token. If it’s a backend application, the backend gets the token (typically more secure). You can either use that access token to send to your other microservices (if said services need info about the user), or you can use a Client Credentials flow between services.

- https://developer.okta.com/…
- https://developer.okta.com/…
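
The backend variant described in the post above, sketched with Spring Security; this is an added example, not part of the original post and not Okta's code. It assumes Spring Boot 3 with the OAuth2 client and WebFlux starters, and two client registrations defined in application properties whose ids (`okta`, `service-client`) are hypothetical.

```java
// Added example, not from the original post. Assumes registrations "okta"
// (authorization_code) and "service-client" (client_credentials) exist in
// application properties; both ids are hypothetical.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.reactive.function.client.WebClient;

@Configuration
public class LoginConfig {

    // Unauthenticated users are redirected to the identity provider's login page
    // (authorization code flow); the backend, not the browser, receives the tokens.
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2Login(Customizer.withDefaults());
        return http.build();
    }

    // Option 1: send the logged-in user's access token to downstream services
    // that need to know who the user is.
    @Bean
    WebClient userTokenWebClient(ClientRegistrationRepository clients,
                                 OAuth2AuthorizedClientRepository authorizedClients) {
        var oauth2 = new ServletOAuth2AuthorizedClientExchangeFilterFunction(clients, authorizedClients);
        oauth2.setDefaultOAuth2AuthorizedClient(true); // use the current login's token
        return WebClient.builder().apply(oauth2.oauth2Configuration()).build();
    }

    // Option 2: service-to-service calls with the service's own identity
    // (client credentials flow); no user token leaves this application.
    @Bean
    WebClient serviceWebClient(ClientRegistrationRepository clients,
                               OAuth2AuthorizedClientRepository authorizedClients) {
        var oauth2 = new ServletOAuth2AuthorizedClientExchangeFilterFunction(clients, authorizedClients);
        oauth2.setDefaultClientRegistrationId("service-client");
        return WebClient.builder().apply(oauth2.oauth2Configuration()).build();
    }
}
```

Both `WebClient` beans as written resolve tokens inside an HTTP request; calls made from scheduled jobs or other background threads need an `AuthorizedClientServiceOAuth2AuthorizedClientManager` instead. The downstream services still have to validate the bearer token themselves as OAuth2 resource servers.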