We have a few legacy apps that do not (and will not) support OAuth/OIDC, SAML, or WS-Fed. For these apps we put an Apache instance in front of them and use mod_auth_openidc to enforce authentication with Auth0.
It appears the module requires OIDC conformance to be disabled, and it relies on one or more of the legacy grant types. We haven’t confirmed precisely which legacy grant type it relies on (and yes, there are also a bunch of other grant types in the screencap that should be disabled!)
Just wondering what we should be concerned about here. Will the legacy grant types eventually go away? Is this a big deal? Are there alternative solutions we should look at?