I'm in the planning phase of a new application. This is an application on which we never would allow social login, and the login would never be used anywhere else. I also really want to keep the login dialog "inside" the application. But the more I read about this, the more it seems that you should use the "Implicit Grant" or "Authentication Code" flows.
In my type of application, is there any reason to not use the "Resource Owner Password" flow? (It will be a SPA calling a ASP.NET WebAPI)
No responses yet.