I have an API management implementation as follows.
End User <--> Web App <--> API Server Gateway <--> API Resource Server
I use OAuth grant_type=code to authenticate the user credentials and then access API Resource using the tokens.
As API Provider (resource developer), I need to access the end user credentials (or at least the context) to know who is initiating the request and provide the response customised for the user.
Is it possible? If yes, does that violate the OpenID / OAuth standards?
Yes, that is possible, and no, you won't be violating the OAuth standards. Reason: validation of tokens (the exchange of information between the authorization server and the resource server) is out of the scope of the OAuth spec.
Quoting from OAuth 2.0 Token Introspection:
Since OAuth 2.0 [RFC6749] does not define a protocol for the resource server to learn meta-information about a token that it has received from an authorization server, several different approaches have been developed to bridge this gap.
The two most important entities that the authorization server would be returning as a result of introspection are the user identifier and the approved scopes (via the token presented).
The introspection could be done in several ways:
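Added example, not part of the original answer: a resource-server-side sketch of handling an RFC 7662 introspection response to recover the user identifier (`sub`) and approved scopes, rejecting inactive, expired or under-scoped tokens. The function names, scope names and sample responses are assumptions constructed for illustration; the network call to the authorization server is left out so the block runs offline.

```python
import json
import time
from urllib.parse import urlencode


class TokenRejected(Exception):
    """Raised when the presented token must not be honoured."""


def build_introspection_body(token):
    # RFC 7662 section 2.1: form-encoded POST body carrying the token.
    return urlencode({"token": token, "token_type_hint": "access_token"})


def user_context(raw_response, required_scope, now=None):
    """Turn an introspection response into the caller context the API needs."""
    data = json.loads(raw_response)
    # "active" is the only REQUIRED member; anything but literal true is a reject.
    if data.get("active") is not True:
        raise TokenRejected("token is not active")
    now = time.time() if now is None else now
    exp = data.get("exp")
    if exp is not None and now >= exp:
        raise TokenRejected("token expired")
    # "scope" is one space-delimited string, not a JSON array.
    scopes = set(str(data.get("scope") or "").split())
    if required_scope not in scopes:
        raise TokenRejected("missing scope %r" % required_scope)
    sub = data.get("sub")
    if not sub:
        raise TokenRejected("no subject: request cannot be attributed to a user")
    return {"user_id": sub, "scopes": scopes, "client_id": data.get("client_id")}


# Constructed sample responses (not captured from a real authorization server).
ACTIVE = json.dumps({"active": True, "sub": "user-1234",
                     "scope": "profile orders:read",
                     "client_id": "web-app", "exp": 2000000000})
REVOKED = json.dumps({"active": False})

if __name__ == "__main__":
    print(build_introspection_body("constructed-token-value"))
    print(user_context(ACTIVE, "orders:read", now=1700000000))
```

The resource server authenticates itself to the introspection endpoint when it sends this request; how it does so depends on the authorization server and is not shown here.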