it would be helpful to include client application in the audit for the OAuth2 SAML for Authorization Grant.
Looking at an audit for a ROPC grant you will be able to locate the Client App in the access.audit.json file and the RO was in the authentication.audit.json file. And the two of them are linkable with the transaction id. The audit record for the SAML grant puts the RO in the 'userId' attribute. It would be nice to see something to the ROPC grant for the audit logs for the OAuth2 SAML Authorization Grant.