[RFC] Disable Password Credentials and Implicit grants by default #259
Description
These grants are marked as 'legacy' on the oAuth.net website and their usage is discouraged in the OAuth 2.0 Security Best Current Practice document.
I propose updating the Flex recipe to disable these grants for new installations and setting the default values of enable_password_grant and enable_implicit_grant to false in version 2.0.