Are you sure both implement oAuth with Resource Owner Password Credentials flow?
Take a look at the spec, and see that within the Resource Owner Password Credentials flow, the client_id and client_secret are not needed.
In Authorization Code Grant, the spec FORCES the client to pass client_id and client_secret, but in 4.3.1 it says that the auth-server requires client authentication FOR CONFIDENTIAL CLIENTS. The spec leaves it open to cases when the client is not "confidential". If in the case of the question above (@Doorkeeper), the client is not "confidential" - the client_id might not be needed...