How to fix DAST-OAuth Implicit Grant Type flaw?

  • What Grafana version and what operating system are you using?
    10.4.0

  • What are you trying to achieve?
    Fix OAuth Implicit Grant Type flaw security issue

  • How are you trying to achieve it?
    I’ve already set use_pkce = true under the [auth.generic_oauth] section

  • What happened?
    The security issue is still there after I set use_pkce = true

  • What did you expect to happen?
    OAuth Implicit Grant Type flaw issue fixed

  • Can you copy/paste the configuration(s) that you are having problems with?

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.

  • Did you follow any online instructions? If so, what is the URL?
    This is a Grafana setup in OpenShift, using OAuth authentication

Please explain how you can have “OAuth Implicit Grant Type flow issue”, when you are using “Authorization Code Flow with Proof Key for Code Exchange (PKCE)”?
It looks like you are copying reports from some security scanner without any logical validation.
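
One way to check a scanner finding like the one in this thread is to look at the authorization request the browser is actually redirected to. The following is an added example, not part of the original posts and not Grafana code; it classifies a request URL by its `response_type` and PKCE parameters. The hostnames, client ID and URLs are constructed samples.

```python
from urllib.parse import urlsplit, parse_qs

def classify_authorization_request(url):
    """Classify an OAuth 2.0 authorization request by flow and PKCE use."""
    q = parse_qs(urlsplit(url).query)
    # response_type is a space-delimited set, e.g. "code" or "id_token token"
    types = set(q.get("response_type", [""])[0].split())
    challenge = q.get("code_challenge", [""])[0]
    # RFC 7636: an absent code_challenge_method means "plain"
    method = q.get("code_challenge_method", ["plain"])[0] if challenge else None

    findings = []
    if "code" not in types and types & {"token", "id_token"}:
        flow = "implicit"
        findings.append("tokens are returned directly from the authorization endpoint")
    elif "code" in types and len(types) > 1:
        flow = "hybrid"
        if "token" in types:
            findings.append("access token is returned alongside the code")
    elif types == {"code"}:
        flow = "authorization_code"
    else:
        flow = "unknown"
        findings.append("missing or unrecognised response_type")

    if "code" in types:
        if not challenge:
            findings.append("no code_challenge: PKCE is not in use")
        elif method != "S256":
            findings.append("PKCE method is %s, not S256" % method)
    return {"flow": flow, "pkce_method": method, "findings": findings}

# Constructed sample requests (placeholder hosts and client ID).
BASE = ("https://oauth.example.test/oauth/authorize?client_id=grafana"
        "&redirect_uri=https%3A%2F%2Fgrafana.example.test%2Flogin%2Fgeneric_oauth"
        "&state=constructed-state")
PKCE_URL = (BASE + "&response_type=code&code_challenge_method=S256"
            "&code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM")
NO_PKCE_URL = BASE + "&response_type=code"
IMPLICIT_URL = BASE + "&response_type=token"

if __name__ == "__main__":
    for name, url in [("pkce", PKCE_URL), ("no_pkce", NO_PKCE_URL),
                      ("implicit", IMPLICIT_URL)]:
        print(name, classify_authorization_request(url))
```

If the request captured from the real login redirect classifies as `authorization_code` with `S256`, the finding most likely concerns what the identity provider accepts for that client rather than what Grafana sends.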