IBM Security Access Manager V9.0 Deployment — Question 52

A deployment professional has a requirement to configure an OpenID Connect federation which does not allow the Relying Party to access the token endpoint.
Which grant type must be enabled when creating the federation?

Answer options

• A. Implicit
• B. Refresh Token
• C. Client Credentials
• D. Authorization code

Correct answer: D

Explanation

The Authorization code grant type is designed for scenarios where the Relying Party does not need direct access to the token endpoint, as it involves an intermediate authorization code exchange. The Implicit grant type, Refresh Token, and Client Credentials do not provide the same level of security and are not suitable for this requirement.