OAuth: Grant type check
I noticed that a client without authorization_code
grant is able to make use of this grant and have users login to Genesys. This should not be allowed.
Similarly, clients with only client_credentials
should only be able to authenticate with that flow, clients without client_credentials
should be prevented from authenticating as clients.