BCP for public UA clients:
• use the authorization code flow
• omit client secret
• strict redirect URI validation
Some citations and more info: https://aaronparecki.com/oauth-2-simplified/#single-page-apps
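
An added example (not from the original note or the linked article) of how an authorization server might enforce the first and third points: only `response_type=code` is accepted, and `redirect_uri` is compared by exact string match, with a prefix comparison shown for contrast. The client id, URIs, function names and the `redirect_uri_mismatch` label are constructed for illustration.

```javascript
// Added example: client id, URIs and function names are constructed for illustration.
const CLIENTS = new Map([
  ["spa-client", { type: "public", redirectUris: ["https://app.example.com/callback"] }],
]);

// Registration-time check: absolute https URI, no fragment, userinfo or wildcard.
function isRegistrable(uri) {
  let u;
  try { u = new URL(uri); } catch { return false; }
  return u.protocol === "https:" && !uri.includes("#") && !uri.includes("*") &&
    u.username === "" && u.password === "";
}

// Weak comparison, for contrast: anything that starts with a registered value passes.
function prefixMatch(registered, presented) {
  return registered.some((r) => presented.startsWith(r));
}

// Strict comparison: the presented value must equal a registered value exactly.
function exactMatch(registered, presented) {
  return typeof presented === "string" && registered.includes(presented);
}

// Authorization endpoint decision for a public user-agent client.
function checkAuthorizationRequest(params) {
  const client = CLIENTS.get(params.client_id);
  if (!client) return { ok: false, redirect: false, error: "unknown_client" };
  // Check redirect_uri before anything else; on failure show an error page
  // and never redirect. ("redirect_uri_mismatch" is a local label.)
  if (!exactMatch(client.redirectUris, params.redirect_uri)) {
    return { ok: false, redirect: false, error: "redirect_uri_mismatch" };
  }
  // The redirect target is now trusted, so later errors may be sent back to it.
  if (params.response_type !== "code") {
    return { ok: false, redirect: true, error: "unsupported_response_type" };
  }
  return { ok: true, redirect: true, error: null };
}
```

The ordering matters: an error is only ever delivered by redirect after the redirect target itself has passed the exact-match check.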