tallship
diff --git a/‎openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java‎
Lines changed: 4 additions & 0 deletions b/‎openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java‎
Lines changed: 4 additions & 0 deletions
@@ -272,6 +272,10 @@ private void checkHeartMode(ClientDetailsEntity client) {
 
 }
 
+if (client.getGrantTypes().contains("password")) {
+throw new IllegalArgumentException("[HEART mode] Password grant type is forbidden");
+}
+
 // make sure we don't have a client secret
 if (!Strings.isNullOrEmpty(client.getClientSecret())) {
 throw new IllegalArgumentException("[HEART mode] Client secrets are not allowed");
Original file line number	Diff line number	Diff line change
`@@ -272,6 +272,10 @@ private void checkHeartMode(ClientDetailsEntity client) {`
`272`	`272`
`273`	`273`	`}`
`274`	`274`
	`275`	`+if (client.getGrantTypes().contains("password")) {`
	`276`	`+throw new IllegalArgumentException("[HEART mode] Password grant type is forbidden");`
	`277`	`+}`
	`278`	`+`
`275`	`279`	`// make sure we don't have a client secret`
`276`	`280`	`if (!Strings.isNullOrEmpty(client.getClientSecret())) {`
`277`	`281`	`throw new IllegalArgumentException("[HEART mode] Client secrets are not allowed");`