first of all, congrats on the first alpha release of Keycloak!

We're looking for a simple and lean way to add the OAuth 2.0 Resource Owner Password Credentials Grant to a web application written in JavaScript with a Java/REST backend (JBoss AS 7, planning to switch to WildFly, JAX-RS etc.).

Since I didn't find any references in the code or the docs, I'm wondering: does Keycloak provide an implementation of the Resource Owner Password Credentials Grant as described in the OAuth Spec (http://tools.ietf.org/html/rfc6749#section-4.3)? In other words, is there a way to simply send a username and password to the auth server in exchange for an access token (and optionally a refresh token - from previous posts I gather this will be added soon...)?

Cheers,

Nils