Just published a new version of OAuth 2.0 for Browser-Based Apps!
https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-11.html
If you have feelings about tokens in browsers, please feel free to chime in on the discussion! You can comment on the mailing list or open issues on the GitHub repo linked from the doc!
WeChat ID
aaronpk_tv