diff --git a/okta/resource_okta_app_oauth.go b/okta/resource_okta_app_oauth.go
index 0cbb2ba6c..d3f5cb54a 100644
--- a/okta/resource_okta_app_oauth.go
+++ b/okta/resource_okta_app_oauth.go
@@ -256,6 +256,7 @@ other arguments that changed will be applied.`,
 					Type: schema.TypeString,
 				},
 				Optional:    true,
+				Computed:    true,
 				Description: "List of OAuth 2.0 response type strings.",
 			},
 			"grant_types": {
@@ -264,6 +265,7 @@ other arguments that changed will be applied.`,
 					Type: schema.TypeString,
 				},
 				Optional:    true,
+				Computed:    true,
 				Description: "List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.",
 			},
 			"tos_uri": {
@@ -920,6 +922,10 @@ func buildAppOAuth(d *schema.ResourceData, isNew bool) *sdk.OpenIdConnectApplica
 
 func validateGrantTypes(d *schema.ResourceData) error {
 	grantTypeList := convertInterfaceToStringSet(d.Get("grant_types"))
+	// If grant_types are not set, we default to the bare minimum in func buildAppOAuth
+	if len(grantTypeList) < 1 {
+		return nil
+	}
 	appType := d.Get("type").(string)
 	appMap, ok := appRequirementsByType[appType]
 	if !ok {
diff --git a/okta/resource_okta_app_oauth_test.go b/okta/resource_okta_app_oauth_test.go
index 5d203ecab..f815df8f1 100644
--- a/okta/resource_okta_app_oauth_test.go
+++ b/okta/resource_okta_app_oauth_test.go
@@ -907,3 +907,34 @@ func TestAccResourceOktaAppOauth_omitSecretSafeEnable(t *testing.T) {
 		},
 	})
 }
+
+func TestAccResourceOktaAppOauth_1952(t *testing.T) {
+	mgr := newFixtureManager("resources", appOAuth, t.Name())
+	resourceName := fmt.Sprintf("%s.test", appOAuth)
+	config := `
+resource "okta_app_oauth" "test" {
+	label         = "MyApp"
+	type          = "web"
+	redirect_uris = ["http://d.com/"]
+	hide_ios      = true
+	hide_web      = true
+	omit_secret   = true
+	}
+`
+	oktaResourceTest(t, resource.TestCase{
+		PreCheck:          testAccPreCheck(t),
+		ErrorCheck:        testAccErrorChecks(t),
+		ProviderFactories: testAccProvidersFactories,
+		CheckDestroy:      checkResourceDestroy(appOAuth, createDoesAppExist(sdk.NewOpenIdConnectApplication())),
+		Steps: []resource.TestStep{
+			{
+				Config: mgr.ConfigReplace(config),
+				Check: resource.ComposeTestCheckFunc(
+					ensureResourceExists(resourceName, createDoesAppExist(sdk.NewAutoLoginApplication())),
+					resource.TestCheckResourceAttr(resourceName, "grant_types.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "grant_types.0", "authorization_code"),
+				),
+			},
+		},
+	})
+}