Tags: oauth, oauth-2.0, single-sign-on, openid

OpenID: get user's password from provider


I have a client application and a provider application.

I am using the authorization code grant type. After getting the access token, I'm requesting user information, but there are just:

 1. username 

 2. email 

 3. address

Is it possible to get the user's password too? And is it secure?


Solution

  • No, it's not possible and would be incredibly insecure for users.

    Imagine if signing into random sites with Facebook or Google gave them your full credentials. That would make everyone's accounts compromised and basically defeat the purpose of OAuth.
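
The authorization code flow from the question, as an added example that is not part of the original post or any real provider's code: a toy provider and client showing that the password is checked only on the provider side, while the client receives just a code, a token and the user claims. The `Provider` class, `client_sign_in`, and the sample user record are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

class Provider:
    """Toy OpenID provider (constructed for illustration, not a real library)."""
    def __init__(self):
        salt = secrets.token_bytes(16)
        # Constructed sample user; only a salted hash of the password is stored.
        self.users = {"alice": {"salt": salt,
                                "pw_hash": self._hash("correct horse", salt),
                                "claims": {"username": "alice",
                                           "email": "alice@example.com",
                                           "address": "1 Example Street"}}}
        self.codes, self.tokens = {}, {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def login_and_authorize(self, username, password):
        """Runs on the provider's own login page; returns a one-time code."""
        user = self.users.get(username)
        if not user or not hmac.compare_digest(
                user["pw_hash"], self._hash(password, user["salt"])):
            raise PermissionError("login failed")
        code = secrets.token_urlsafe(16)
        self.codes[code] = username
        return code  # the only value sent back to the client via redirect

    def token(self, code):
        username = self.codes.pop(code)  # single use: KeyError on replay
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = username
        return {"access_token": access_token, "token_type": "Bearer"}

    def userinfo(self, access_token):
        # Returns a copy of the claims only; credential fields are never included.
        return dict(self.users[self.tokens[access_token]]["claims"])

def client_sign_in(provider, code):
    """Collects everything the client application receives during the flow."""
    token_response = provider.token(code)
    claims = provider.userinfo(token_response["access_token"])
    return {"code": code, "token_response": token_response, "userinfo": claims}

if __name__ == "__main__":
    idp = Provider()
    seen = client_sign_in(idp, idp.login_and_authorize("alice", "correct horse"))
    print(sorted(seen["userinfo"]))
```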