IBM Security Access Manager V9.0 Deployment — Question 1
A customer has developed an OAuth 2.0 client application to access resources on behalf of a user. The customer states that the OAuth client has the following two constraints:
1. The OAuth client is not capable of keeping its credentials confidential for authentication with the authorization server.
2. The resource owner does not have a trust relationship with the client.
What is the suitable OAuth 2.0 grant type for the API Protection Policy if the user resource accessed by the OAuth 2.0 client is to be protected by IBM Security Access Manager V9.0?
Answer options
- A. Implicit Grant
- B. Client Credential Grant
- C. Authorization Code Grant
- D. Resource Owner Password Credentials Grant
Correct answer: B
Explanation
The Client Credentials Grant is suitable in this scenario as it is designed for clients that cannot keep their credentials confidential and do not have a trust relationship with the resource owner. The other options, such as the Implicit Grant and Authorization Code Grant, require a higher level of security and trust that is not present here, while the Resource Owner Password Credentials Grant is not applicable since the client lacks the necessary trust relationship.