Ok, here's what we're trying to do.
We do a service account Credential Assertion with something like the google plus.login scope.
Then we do an authenticated request to 'https://accounts.google.com/o/oauth2/token
' with the grant_type of 'password', the users email address, and their password.
We would like to know if the password grant_type is available on any scope at google where the client is authenticated with the service credentials instead of a client_id and client_password, and where there is no redirect_uri.