Sarah

Dear Zendesk Team,

We would like to address the recent decision to disable the implicit grant flow for OAuth. While we understand the intent to improve security, this change does not align with our practical use case and introduces significant challenges.

Key Points:

1. No Real Security Improvement:
   • The implicit flow is not inherently less secure than the authorization code flow in our controlled environment.
   • Since the access token is processed within our controller, it is still exposed to browser extensions or malicious scripts in both scenarios.
2. Huge Disadvantage for Us and Our Customers:
   • Switching to the authorization code flow would require all our customers to update their business program that we deliver.
   • Many customers are unlikely to update just to support new Zendesk integrations for new users, especially for such a small functionality.

Our Request:

We kindly request Zendesk to reconsider disabling the implicit grant flow or provide an opt-in option for customers where this change imposes significant operational and practical challenges.

Thank you for your understanding and consideration.