WSO2 API Manager has the capability of restricting which grant types are enabled to a given application. This functionality is provided via the management console of the API Manager. Given below are the steps required
1. App developers should have the required permission in order to restrict the grant types available for an application. Permission given below should be set to a user role associate to the App developer.
2. Once this is done please log out and log into the API Manager’s admin console
3. Now you would see the OAuth URL available in the left navigation, click on this.
4. Here you would see all the applications that are created by the App developer, from this menu select the relevant application to which the grant types should be restricted.
5. Once you are inside the selected application you can define which grant types should be allowed to a given application. By default all grant types are ‘un-checked’ and all grant types are allowed. If you want to override this default configuration select on the required grant types that should be allowed to a given application.
6. Once you are done click on the update button and the configuration would be updated.