How to ensure your open api is secures
https://softwareengineering.stackexchange.com/questions/219028/how-to-safeguard-a-rest-api-for-only-trusted-mobile-applicationsarrow-up-right
Implicit Flow just has one less step so easier, but less secure or something. Doing a get request with access_token lets anyone who can see your history or url gets have it which is less secure than the regular oauth post request.
Last updated 5 years ago
