Authentication Security Best Practices

insecure-oauth2-grants

Guidance / Message

Avoid OAuth2 implicit and resource owner password grants.

Examples

valid

securitySchemes:
  OAuth2:
    type: oauth2
    flows:
      authorizationCode:
        authorizationUrl: https://example.com/oauth/authorize
        tokenUrl: https://example.com/oauth/token
        scopes:
          'read:pets': read your pets
          'write:pets': modify pets in your account

invalid

securitySchemes:
  OAuth2:
    type: oauth2
    flows:
      implicit:
        authorizationUrl: https://example.com/oauth/authorize
        scopes:
          'read:pets': read your pets
          'write:pets': modify pets in your account

Applies to: OAuth2Settings

Constraint

Type: Declarative Validation
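As an added example (not part of the MuleSoft ruleset), a Python check that applies this rule to an OpenAPI document in its JSON/dict form, fed with the page's valid and invalid examples: it reports every OAuth2 scheme whose flows include the implicit or password grant. Going beyond the page, it also covers Swagger 2.0 `securityDefinitions`; that third sample document is constructed.

```python
"""Added check mirroring the insecure-oauth2-grants rule: flag OAuth2 schemes
whose flows include the implicit or resource owner password grant."""
import json

# Grant types the rule rejects. The implicit grant delivers the access token in
# the redirect URL fragment; the password grant hands the user's credentials to
# the client. Both are discouraged by the OAuth 2.0 Security Best Current Practice.
INSECURE_FLOWS = {"implicit", "password"}


def find_insecure_oauth2_grants(spec: dict) -> list:
    """Return (scheme name, flow) pairs for every OAuth2 scheme using an
    insecure grant. Covers OpenAPI 3 `components.securitySchemes` and, going
    beyond the page's examples, Swagger 2.0 `securityDefinitions`."""
    findings = []
    schemes = spec.get("components", {}).get("securitySchemes", {})
    for name, scheme in schemes.items():
        if scheme.get("type") == "oauth2":
            for flow in scheme.get("flows", {}):
                if flow in INSECURE_FLOWS:
                    findings.append((name, flow))
    # Swagger 2.0 uses a single `flow` string per scheme instead of a `flows` map.
    for name, scheme in spec.get("securityDefinitions", {}).items():
        if scheme.get("type") == "oauth2" and scheme.get("flow") in INSECURE_FLOWS:
            findings.append((name, scheme["flow"]))
    return findings


# Constructed documents: the page's valid and invalid examples in JSON form.
VALID_SPEC = json.loads("""{"components": {"securitySchemes": {"OAuth2": {
  "type": "oauth2", "flows": {"authorizationCode": {
    "authorizationUrl": "https://example.com/oauth/authorize",
    "tokenUrl": "https://example.com/oauth/token",
    "scopes": {"read:pets": "read your pets", "write:pets": "modify pets in your account"}}}}}}}""")

INVALID_SPEC = json.loads("""{"components": {"securitySchemes": {"OAuth2": {
  "type": "oauth2", "flows": {"implicit": {
    "authorizationUrl": "https://example.com/oauth/authorize",
    "scopes": {"read:pets": "read your pets", "write:pets": "modify pets in your account"}}}}}}}""")

# Constructed (hypothetical) Swagger 2.0 document using the password grant.
SWAGGER2_PASSWORD_SPEC = {"securityDefinitions": {"OAuth2": {
    "type": "oauth2", "flow": "password",
    "tokenUrl": "https://example.com/oauth/token",
    "scopes": {"read:pets": "read your pets"}}}}

if __name__ == "__main__":
    for label, spec in [("valid", VALID_SPEC), ("invalid", INVALID_SPEC),
                        ("swagger2", SWAGGER2_PASSWORD_SPEC)]:
        print(label, find_insecure_oauth2_grants(spec) or "no insecure grants")
```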
Type: Ruleset
Organization: MuleSoft
Published by: MuleSoft Organization
Published on: Nov 29, 2023
Asset version: 1.1.0 (1.1.x line)