I'm confused by the OAuth2 password grant type concept
In here, the token is implemented using Endpoint/Claims.
In this site or this blog, the token is implemented by a JSON object containing all the client credentials details.
Can anyone help make the concept clearer?
If you mean the access token, then it can be of either type (a string with no special meaning or a JSON, XML or some other format). The OAuth2 specification says this:
An access token is a string representing an authorization issued to the client. The string is usually opaque to the client. Tokens represent specific scopes and durations of access, granted by the resource owner, and enforced by the resource server and authorization server.
The token may denote an identifier used to retrieve the authorization information or may self-contain the authorization information in a verifiable manner (i.e., a token string consisting of some data and a signature).
So it depends on the OAuth2 implementation.
If you mean the ID token (from OpenID Connect), then it must be in a JWT (signed JSON) format.
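The two access-token styles named in the quoted specification text, seen from the resource server's side, as an added example that is not part of the original answer or of any particular OAuth2 implementation. The signing key, the in-memory store and the simplified `body.signature` layout (not JWT) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = b"constructed-demo-key"  # assumption: key known to both servers
TOKEN_STORE = {}  # assumption: authorization server's table of opaque tokens

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body):
    return b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())

def issue_opaque(sub, scope, ttl=300):
    # Opaque token: a random identifier; the authorization data stays server-side.
    token = secrets.token_urlsafe(32)
    TOKEN_STORE[token] = {"sub": sub, "scope": scope, "exp": time.time() + ttl}
    return token

def issue_self_contained(sub, scope, ttl=300):
    # Self-contained token: the authorization data itself plus a signature over it.
    claims = {"sub": sub, "scope": scope, "exp": time.time() + ttl}
    body = b64(json.dumps(claims).encode())
    return f"{body}.{sign(body)}"

def validate(token, now=None):
    """Return the authorization info for a token, or None if it is not acceptable."""
    now = time.time() if now is None else now
    if "." in token:  # hypothetical dispatch: only this demo's signed tokens contain "."
        body, _, sig = token.partition(".")
        # Verify the signature before parsing anything the caller supplied.
        if not hmac.compare_digest(sig.encode(), sign(body).encode()):
            return None
        info = json.loads(unb64(body))
    else:
        info = TOKEN_STORE.get(token)  # lookup, i.e. "retrieve the authorization information"
    if info is None or info["exp"] <= now:
        return None
    return info

if __name__ == "__main__":
    opaque, signed = issue_opaque("alice", "read"), issue_self_contained("alice", "read")
    print("opaque:", opaque, "->", validate(opaque))
    print("signed:", signed, "->", validate(signed))
    TOKEN_STORE.pop(opaque)  # revocation takes effect at once for the opaque token
    print("after revocation:", validate(opaque), validate(signed))
```

Deleting the stored entry invalidates the opaque token immediately, while the signed token stays valid until its `exp` passes because nothing is looked up to check it.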