The server.php code should probably also include:
// Add the "password" grant type (this is where the oauth magic happens)
$server->addGrantType(new OAuth2\GrantType\UserCredentials($storage));
This is also important for people trying the demo app later.
Add a link to the demo app from the user credentials docs page, and add a link to the other grant types from the walkthrough page.
From https://github.com/bshaffer/oauth2-server-php/issues/459:
Add a link to the demo app from the user credentials docs page, and add a link to the other grant types from the walkthrough page.