it's also flexible. Even if app 99.99% of time uses response_type=code someday hacker comes and usues token on hacked redirect_uri.
simply speaking response_type is also should be static and constant. But, gosh, let's fix first-world-problem first
Thanks!
it's also flexible. Even if app 99.99% of time uses response_type=code someday hacker comes and usues token on hacked redirect_uri.
simply speaking response_type is also should be static and constant. But, gosh, let's fix first-world-problem first