This doc is discussing OAuth 2 implicit. OIDC Implicit is not in scope of the OAuth 2 security document; OIDC is a different working group. This is a quote about OAuth 2 implicit. But yes, OIDC Implicit seems like a best practice for SPAs, but OAuth 2 implicit is not, per this doc 😎