Change in Recommendations for Browser-Based Applications
Recently, due to a renewed discussion in the OAuth Working Group, the recommended approach for securing browser-based applications (such as JavaScript SPAs) has changed
Scott Brady Feb. 15, 2019