Improved protection for resources within projects
We have improved protection for resources in the Document service, as detailed in our blog post from November 24th. As a result of these changes, any requests with tokens issued with the Implicit Grant flow will now be rejected with an error code of
403. All resources are now protected with an additional security check. If you use the Implicit Grant or Resource Owner Password Credentials Grant flow to access services, you must change to the Client Credentials flow. This provides an additional level of security so that users who belong to a project/site but do not have Client Credentials cannot manipulate resources within the project/site.
If you find any information that is unclear or incorrect, please let us know so that we can improve the Dev Portal content.
Use our private help channel. Receive updates over email and contact our specialists directly.
If you need more information about this topic, visit hybris Experts to post your own question and interact with our community and experts.