A security engineer is troubleshooting a web application that uses OAuth 2.0 for authorization. Users report that after authenticating, they are unable to access resources that require a specific scope. The engineer inspects the authorization request and finds that the scope parameter is missing. Which OAuth flow is most likely being used?
Trap 1: Client credentials grant
Client credentials grant includes scope; scope is required for resource access.
Trap 2: Authorization code grant
The authorization code grant includes scope in the request; a missing scope would cause an error.
Trap 3: Resource owner password credentials grant
This grant type includes the scope parameter; a missing scope would prevent proper authorization.
- A
Client credentials grant
Why wrong: Client credentials grant includes scope; scope is required for resource access.
- B
Authorization code grant
Why wrong: The authorization code grant includes scope in the request; a missing scope would cause an error.
- C
Resource owner password credentials grant
Why wrong: This grant type includes the scope parameter; a missing scope would prevent proper authorization.
- D
Implicit grant
The implicit grant does not support the scope parameter; scopes are typically fixed in the client configuration.