Exam C2150-609
Question 1

A customer has developed an OAuth 2.0 client application to access resources on behalf of a user. The customer states that the OAuth client has the following two constraints:

1. The OAuth client is not capable of keeping its credentials confidential for authentication with the authorization server.

2. The resource owner does not have a trust relationship with the client.

What is the suitable OAuth 2.0 grant type for the API Protection Policy if the user resource accessed by the OAuth 2.0 client is to be protected by IBM Security Access Manager V9.0?

    Correct Answer: A

    The suitable OAuth 2.0 grant type for the described client constraints is the Implicit Grant. This is because the Implicit Grant flow is designed for clients that are incapable of maintaining the confidentiality of their credentials and where there is no trust relationship with the resource owner. The Implicit Grant flow does not require the client secret, making it suitable for applications like single-page apps or mobile apps where client secrets cannot be securely stored.

Discussion
alexgammaro (Option: A)

The right answer is the letter A.

examverified (Option: A)

A: https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.3/com.ibm.isam.doc/config/concept/con_oauth20_workflow.html