[OPENAM-11032] Need an option to limit, allow or deny OAuth2.0 flows per application Created: 12/Apr/17  Updated: 17/Jul/18  Resolved: 17/Jul/18

Status: Closed
Project: OpenAM
Component/s: oauth2
Affects Version/s: 13.5.0
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: Kamal Sivanandam Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: AME
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
  Depends: is required by OPENAM-11479 OAuth 2: Do not allow implicit flow b... Open
  Duplicate:
  Relates:
Target Version/s:
Epic Link: OAuth2 per-client configuration
Support Ticket IDs:

Description

Need an option in the agent configuration page to allow or deny the 4 flows (authorization code, password credentials, client credentials, implicit grant). Only chosen flows should be available for those agents/applications. Customers would like to enforce that some set of applications always use the Authorization code grant and block them from using the password credentials grant.



Comments
Comment by Andy Hall [ 10/Oct/17 ]

Kamal Sivanandam: Could this be achieved by removing the response type plugins for the OAuth2 Provider Service or the supported response types on the OAuth2 client?

Comment by Joe Starling [ 24/Nov/17 ]

The spec references this as a potential error response to the resource owner password flow, which could suggest that the authorization server should somehow be aware of which flows a particular client is authorized to use (or, that some authz servers can outright deny certain grant types...)

    unsupported_grant_type
        The authorization grant type is not supported by the authorization server.

Comment by Nicolas Guichard [X] (Inactive) [ 25/Nov/17 ]

Hello, I believe the correct error code regarding this issue is:

    unauthorized_client
        The authenticated client is not authorized to use this authorization grant type.

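As an added illustration of the distinction drawn in the comments above (example code, not OpenAM's implementation): a per-client allow-list enforced at both endpoints, returning `unsupported_grant_type` / `unsupported_response_type` when the server does not implement a flow at all and `unauthorized_client` when the server supports it but this client is not allowed to use it. `ClientConfig`, `SERVER_GRANT_TYPES` and `SERVER_RESPONSE_TYPES` are assumed stand-ins for the agent/client and provider settings; the implicit flow is selected by `response_type=token`, so blocking it per client happens on the authorization endpoint, not the token endpoint.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample of what the server implements (not OpenAM's real plugin lists).
SERVER_GRANT_TYPES = {"authorization_code", "password", "client_credentials", "refresh_token"}
SERVER_RESPONSE_TYPES = {"code", "token", "id_token"}


@dataclass
class ClientConfig:
    client_id: str
    allowed_grant_types: set = field(default_factory=set)     # hypothetical per-client setting
    allowed_response_types: set = field(default_factory=set)  # hypothetical per-client setting


@dataclass
class Decision:
    ok: bool
    error: Optional[str] = None
    description: Optional[str] = None


def check_token_request(client: ClientConfig, form: dict) -> Decision:
    """Token endpoint: enforce the client's allowed grant types (RFC 6749 section 5.2 codes)."""
    grant = form.get("grant_type")
    if not grant:
        return Decision(False, "invalid_request", "grant_type is required")
    if grant not in SERVER_GRANT_TYPES:
        # The server does not implement this grant at all.
        return Decision(False, "unsupported_grant_type",
                        "The authorization grant type is not supported by the authorization server.")
    if grant not in client.allowed_grant_types:
        # Supported by the server, but denied for this particular client.
        return Decision(False, "unauthorized_client",
                        "The authenticated client is not authorized to use this authorization grant type.")
    return Decision(True)


def check_authorize_request(client: ClientConfig, params: dict) -> Decision:
    """Authorization endpoint: same two-level check on response_type (RFC 6749 sections 4.1.2.1 / 4.2.2.1)."""
    rt = params.get("response_type")
    if not rt:
        return Decision(False, "invalid_request", "response_type is required")
    requested = set(rt.split())  # response_type may be a space-separated combination, e.g. "code id_token"
    if not requested <= SERVER_RESPONSE_TYPES:
        return Decision(False, "unsupported_response_type", "The authorization server does not support this response_type.")
    if not requested <= client.allowed_response_types:
        return Decision(False, "unauthorized_client", "The client is not authorized to use this response_type.")
    return Decision(True)
```

A client configured with only `authorization_code` and `code` is thus refused both `grant_type=password` at the token endpoint and `response_type=token` at the authorization endpoint, with `unauthorized_client` in each case.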
Generated at Mon Sep 28 00:27:52 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.