diff --git a/CHANGELOG.md b/CHANGELOG.md
index c616fd136..a9e7df8ec 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,8 @@
 * BREAKING: Remove support for node v4
 * new: Added revoke-handler to revoke access token
 * new: Added implicit grant flow
-* new: Switch from jshint to eslint
+* new: Switch from jshint to eslin
+* fix: authorization_code grant should not be required in implicit flowt
 ### 3.1.0
 * new: Added package-lock.json
diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js
index 3c14d2290..8ddbeac78 100644
--- a/lib/handlers/authorize-handler.js
+++ b/lib/handlers/authorize-handler.js
@@ -69,7 +69,7 @@ AuthorizeHandler.prototype.handle = function(request, response) {
 throw new InvalidArgumentError('Invalid argument: `response` must be an instance of Response');
 }
- if ('false' === request.query.allowed) {
+ if ('false' === request.query.allowed || 'false' === request.body.allowed) {
 return Promise.reject(new AccessDeniedError('Access denied: user denied access to application'));
 }
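Review bot: The added `'false' === request.body.allowed` test in `AuthorizeHandler.prototype.handle` matches only the exact string, so a denial posted in a JSON body as the boolean `false` would not match and the handler would carry on as if the user had consented. Because this check fails open (anything other than the literal string counts as approval), the body value should be normalised before comparing, e.g. `'false' === String(request.body.allowed)`. The new clause also dereferences `request.body` unconditionally; if `Request` does not guarantee an object there (not visible in this hunk), a request without a parsed body would raise a TypeError instead of an OAuth error. The body of `handle` starts and continues outside the hunk, so any later consent handling could not be checked here.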