Here, we're listing two flows: https://github.com/buildingSMART/foundation-API#221-obtaining-authentication-information
implicit_grant, which has been effectively deprecated, or at least it's usage is heavily discouragedresource_owner_password_credentials_grant, which never really was considered secure in scenarios where you did not control all services involved
This was brought up in the meeting today, and we should just remove it from the spec completely.
Here, we're listing two flows: https://github.com/buildingSMART/foundation-API#221-obtaining-authentication-information
implicit_grant, which has been effectively deprecated, or at least it's usage is heavily discouragedresource_owner_password_credentials_grant, which never really was considered secure in scenarios where you did not control all services involvedThis was brought up in the meeting today, and we should just remove it from the spec completely.