What flow should we use for mobile applications?
Just as developing any other type of client application, the type of flow to use should be decided based on the capabilities of the platform. However, mobile platforms are quite new and rich, and so added attention is required when making this decision. The two main flows are still available to us—implicit grant and authorization code grant. Recall that the implicit grant is designed for use in untrusted clients, while the authorization code grant is designed for use with trusted clients. Further recall that trusted clients are clients that are able to securely store and transmit their confidential properties. So, the question then becomes, are mobile applications considered trusted, or untrusted?
Are mobile applications trusted or untrusted?
In order for a mobile application to be considered trusted, it must be able to securely store and transmit confidential information. This can really only be achieved in one way, with the use of a backend...
