you would need to customize /auth/oauth/v2/authorize endpoint,
Try to find "OTK response_type=TOKEN" in authorize endpoint, and then disable the parent "All assertion ..." branch.
The test client /oauth/v2/client/implicit should return error message,
"The request was invalid. Please try again."