In general, the resource owner password credentials (ROPC) grant would be last resort option or the least recommended one for most cases. This grant is mostly useful when migrating legacy/proprietary authentication protocols to OIDC/OAuth 2.0 and either due to time constraints or to reduce risk you want to perform this migration in incremental steps with as few changes as possible in the first iteration.
For example, imagine you had a regular web application that collected end-user credentials, POSTed them to the server, the server would validate them against a local database and then initiate a cookie-based session. Moving from this scenario to one where the credentials are not managed locally but are instead managed through an OIDC/OAuth 2.0 identity provider/authorization server it’s very linear if you make use of ROPC.
Using ROPC in the above scenario would allow to move the credentials to the identity provider while performing minimal changes to the legacy application in the first iteration. However, if you’re building the full system from scratch there is very little reasons to consider ROPC; in this case I would recommend you to check the following link as a guide to decide which flow to use depending on the client application: