IBM Security Access Manager V9.0 Deployment — Question 37

A deployment professional has a requirement to configure an OpenID provider which does not expose tokens to the end user.
Which grant type should be enabled when creating the federation?

Answer options

Correct answer: D

Explanation

The Authorization Code grant type is designed for server-side applications, where tokens are not exposed to the end user, which provides better security. In contrast, SAML is a different authentication protocol, Explicit is not a standard grant type in OpenID, and Refresh Token is used to obtain new access tokens but still requires the initial token to be exposed.