OAuth 2.0 Resource Owner Password Credential grant missing Username/Password fields in UI

When configuring OAuth 2.0 authentication with the "Resource Owner Password Credential" grant type, the Username and Password input fields do not appear in the UI, even though they are defined in the plugin and are being sent in the token request (as empty values).

—-

Tested at: Folder level auth settings with inherit, also tried at request level auth settings

Reproduce

1. possible impacting scenario : I am using the 1password integration with the Desktop App (not the SLA token) to provide oauth2 credentials. These seem to be coming through fine if I point at an echo server, but I figured I’d include this detail just in case.

2. Open a folder (or workspace/request) settings

3. Go to the Auth tab

4. Select "OAuth 2.0" as the authentication type

5. Change Grant Type to "Resource Owner Password Credential"

6. Observe that only Client ID, Client Secret, Access Token URL, Audience fields appear, but Username and Password fields are missing

I threw up an echo server to try and capture what was being sent up, the fields are not visible in the UI, but ARE being included in the token request with empty values. Pointing at an echo server shows:

grant_type=password&username=&password=&scope=...&client_id=... 

—-

I did try to see if I could hunt down the bugs but I wasn’t able to find anything, the code seems solid (it looks like it should work)

plugins/auth-oauth2/src/index.ts lines 230-244:

{ type: 'text', name: 'username', label: 'Username', optional: true, dynamic: hiddenIfNot(['password']), }, { type: 'text', name: 'password', label: 'Password', password: true, optional: true, dynamic: hiddenIfNot(['password']), }, 

The hiddenIfNot(['password']) dynamic function should return { hidden: false } when grantType === 'password', which should make the fields visible.

The issue might be w/ how the dynamic visibility is being evaluated or applied in the UI layer. The applyDynamicFormInput function in packages/plugin-runtime/src/common.ts processes the dynamic functions, and DynamicForm.tsx checks for hidden at line 118.