diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
index 122411a5f..132b7389f 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
@@ -272,6 +272,10 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
 }
+ if (client.getGrantTypes().contains("password")) {
+ throw new IllegalArgumentException("[HEART mode] Password grant type is forbidden");
+ }
+
 // make sure we don't have a client secret
 if (!Strings.isNullOrEmpty(client.getClientSecret())) {
 throw new IllegalArgumentException("[HEART mode] Client secrets are not allowed");