zalando-stups / planb-provider

Plan B OpenID Connect Provider issuing JWT tokens
http://planb.readthedocs.org/

grant_type on token is incorrect when using Implicit flow #100

Closed matosf closed 8 years ago

matosf commented 8 years ago
  1. Go to: https://provider-host/oauth2/authorize?realm=/testrealm&response_type=token&client_id=testclient&redirect_uri=http://host/dummy-callback/oauth
  2. Login and get the token.
  3. Go to: https://tokeninfo-host/oauth2/tokeninfo?access_token=TOKEN
  4. Response has grant_type: password instead of token.
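The reproduction above, as an added example that is not part of the original report or of planb-provider's code: it builds the implicit-flow authorize URL from the report, pulls the token out of the redirect fragment (where the implicit grant places it per RFC 6749 section 4.2.2), and then asks the token info endpoint what it says about grant_type. The hostnames and client identifiers are the placeholders from the report; the `state` parameter, the `fetch` callable and the canned tokeninfo reply (which mirrors the reported "password" answer) are assumptions added here so the script runs offline. Pass a real HTTP fetch as `fetch` to run the same check against a live tokeninfo host.

```python
# Added example (not planb-provider code): reproduce the implicit-flow
# grant_type check from the issue. Hostnames/client id are the report's
# placeholders; state, fetch() and the canned reply are assumptions.
import json
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

PROVIDER = "https://provider-host"      # placeholder from the report
TOKENINFO = "https://tokeninfo-host"    # placeholder from the report


def build_authorize_url(realm, client_id, redirect_uri, state):
    # response_type=token selects the implicit grant (RFC 6749 section 4.2).
    # state is a per-request nonce the callback must echo back; the report's
    # URL omits it, it is added here as the usual CSRF protection.
    params = {
        "realm": realm,
        "response_type": "token",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return f"{PROVIDER}/oauth2/authorize?{urlencode(params)}"


def extract_implicit_token(callback_url, expected_state):
    # The implicit grant returns the token in the URL fragment, not the query.
    frag = urlsplit(callback_url).fragment
    if not frag:
        raise ValueError("no fragment in callback URL; not an implicit-flow response")
    fields = {k: v[0] for k, v in parse_qs(frag, strict_parsing=True).items()}
    if fields.get("state") != expected_state:
        raise ValueError("state mismatch: possible CSRF or wrong browser session")
    if fields.get("token_type", "").lower() != "bearer":
        raise ValueError(f"unexpected token_type {fields.get('token_type')!r}")
    return fields["access_token"]


def check_grant_type(token, fetch, expected="token"):
    # fetch(url) -> JSON text; injected so the check can run against a canned
    # reply offline or against a real tokeninfo host with a real HTTP client.
    # The token goes in the query string exactly as in the report's step 3.
    url = f"{TOKENINFO}/oauth2/tokeninfo?{urlencode({'access_token': token})}"
    info = json.loads(fetch(url))
    actual = info.get("grant_type")
    return actual == expected, actual


def canned_tokeninfo(url):
    # Constructed reply mirroring the report: an implicit-flow token is
    # labelled as if it had been issued by the password grant. Only the
    # fields needed for this check are included.
    token = parse_qs(urlsplit(url).query)["access_token"][0]
    return json.dumps({"access_token": token,
                       "token_type": "Bearer",
                       "grant_type": "password"})


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(build_authorize_url("/testrealm", "testclient",
                              "http://host/dummy-callback/oauth", state))
    # Constructed callback URL, as the browser would receive it after login.
    callback = ("http://host/dummy-callback/oauth#access_token=tok-abc123"
                f"&token_type=Bearer&expires_in=3600&state={state}")
    token = extract_implicit_token(callback, state)
    ok, actual = check_grant_type(token, canned_tokeninfo)
    print("grant_type matches" if ok else f"grant_type mismatch: got {actual!r}")
```

The state comparison and the token_type check are the two things worth keeping when adapting this into a client: a callback that arrives without the state you issued, or with a token in the query string instead of the fragment, is not a valid implicit-flow response and should be discarded rather than passed on to tokeninfo.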
hjacobs commented 8 years ago

Actually we don't even store the "grant_type" in the token, so I would rather remove it from the Token Info endpoint (which we should not do because of compatibility) or do nothing.

I don't want to grow the token size just to store the "grant_type" (which nobody really uses anyway) :smirk:

matosf commented 8 years ago

Since AFAIK the tokeninfo endpoint is not part of the OAuth2 standard, we can change the response to include just what we need.

Since nobody uses the "grant_type", I would also just drop it from the response.

hjacobs commented 8 years ago

@matosf we could probably just wait for the new OAuth Introspection Endpoint to be implemented: https://github.com/zalando/planb-tokeninfo/issues/32 --- that is completely different (requires app changes!) and would remove all the legacy response structures (e.g. truthy scope attributes).

matosf commented 8 years ago

@hjacobs seems good to me