Layer7 API Management


How to turn off the implicit grant type

  • 1.  How to turn off the implicit grant type

    Posted 09-04-2016 10:31 AM

    The OTK supports the implicit grant type of the OAuth 2.0 framework. However, how should this (rather insecure) grant type be disabled? I know about the "OTK Configured Grant Types" encapsulated assertion, but the implicit grant type is not configurable there. Should I turn it off specifically in the authorize endpoint?



  • 2.  Re: How to turn off the implicit grant type
    Best Answer

    Posted 09-04-2016 09:04 PM

    You would need to customize the /auth/oauth/v2/authorize endpoint.

    Try to find "OTK response_type=TOKEN" in authorize endpoint, and then disable the parent "All assertion ..." branch.

    The test client /oauth/v2/client/implicit should then return the error message:

    "The request was invalid. Please try again."
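A way to verify the change from the outside, as an added example that is not part of this thread or of the OTK: it sends the request an implicit-grant client would send (response_type=token) to the authorize endpoint named above and classifies the reply. GATEWAY, CLIENT_ID and REDIRECT_URI are placeholders for your own gateway and a registered client; the error text is the one quoted in the answer.

```python
# Added example (not OTK code): probe whether the authorize endpoint still accepts
# the implicit grant after the policy branch has been disabled.
import urllib.error
import urllib.parse
import urllib.request

GATEWAY = "https://gateway.example.com:8443"          # placeholder: your gateway
CLIENT_ID = "REPLACE_WITH_REGISTERED_CLIENT_ID"        # placeholder: a registered client
REDIRECT_URI = "https://client.example.com/callback"   # placeholder: its redirect URI
AUTHORIZE_PATH = "/auth/oauth/v2/authorize"            # endpoint named in the thread
OTK_ERROR = "The request was invalid. Please try again."  # message quoted in the thread


def build_implicit_request(gateway, client_id, redirect_uri):
    """Build the URL an implicit-grant client sends (response_type=token)."""
    query = urllib.parse.urlencode({
        "response_type": "token",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": "implicit-check",
    })
    return f"{gateway}{AUTHORIZE_PATH}?{query}"


def classify(status, location, body):
    """Map the gateway's reply to what it says about the implicit grant."""
    if OTK_ERROR in body:
        return "rejected"        # the disabled branch: the result the answer expects
    fragment = urllib.parse.urlsplit(location or "").fragment
    if status in (302, 303) and "access_token=" in fragment:
        return "token_issued"    # worst case: an access token came back in the fragment
    return "not_rejected"        # e.g. a login/consent page: the flow is still reachable


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow 302s; we want to inspect Location ourselves


def check_gateway(url=None):
    """Send the probe and classify the reply (needs network access to the gateway)."""
    url = url or build_implicit_request(GATEWAY, CLIENT_ID, REDIRECT_URI)
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return classify(resp.status, resp.headers.get("Location", ""),
                            resp.read().decode(errors="replace"))
    except urllib.error.HTTPError as err:  # unfollowed 302 and 4xx replies land here
        return classify(err.code, err.headers.get("Location", ""),
                        err.read().decode(errors="replace"))


if __name__ == "__main__":
    print("implicit grant:", check_gateway())
```

Run it before and after disabling the branch: "rejected" confirms the change, "not_rejected" means the flow is still reachable, and "token_issued" means the endpoint is still handing out tokens.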