Hi @henryollh205,
Welcome to the Auth0 Community!
The response to this topic addresses the resource owner password grant risks that you should certainly consider before implementing that strategy.
If you are logging the user in from a secure server a client credential grant should be sufficient, and I’m not sure why this would effect brute force protection.
I don’t personally have much experience with expo, but I can check with the team and see what I can come up with.
In the meantime, giving some feedback to our team about your needs is a useful exercise and one way we evaluate what projects get priority.
I’ll reply with what I find.
Thanks,
Dan