Message Image

Skip main navigation (Press Enter).

Layer7 API Management

Back to discussions

Expand all | Collapse all

How to turn off the implicit grant type

Jump to Best Answer

Anon AnonSep 04, 2016 10:31 AM

The OTK supports the implicit grant type of the OAuth 2.0 framework. However, how should this (rather ...

Zhijun HeSep 04, 2016 09:04 PMBest Answer

you would need to customize /auth/oauth/v2/authorize endpoint, Try to find "OTK response_type=TOKEN" ...

1. How to turn off the implicit grant type

0 Recommend
Anon Anon
Posted Sep 04, 2016 10:31 AM

Reply Reply Privately
The OTK supports the implicit grant type of the OAuth 2.0 framework. However, how should this (rather insecure) grant type be disabled? I know about the encapsulated assertion OTK Configured Grant Types, but the implicit grant type is not configurable there. Should I turn it off specifically in the authorize-endpoint?
2. Re: How to turn off the implicit grant type
Best Answer

2 Recommend
Broadcom Employee

Zhijun He
Posted Sep 04, 2016 09:04 PM

Reply Reply Privately
you would need to customize /auth/oauth/v2/authorize endpoint,
Try to find "OTK response_type=TOKEN" in authorize endpoint, and then disable the parent "All assertion ..." branch.
The test client /oauth/v2/client/implicit should return error message,
"The request was invalid. Please try again."

Copyright 2023. All rights reserved.

Powered by Higher Logic