
A Client Secret is no longer required for Web Server OAuth Flow. This is not a new feature (Spring'17), but I have not given it much thought until now.

"If a client application can’t securely store the client secret and can’t use the user-agent authentication flow, the web server flow is your best option. Previously, the client secret was always required. Now, you can make the client_secret parameter optional in the web server flow by configuring the connected app to not require it."

https://releasenotes.docs.salesforce.com/en-us/spring17/release-notes/rn_security_auth_secret_optional.htm

When would a Client Application NOT be able to use the User-Agent OAuth Flow (but still be able to use Web Server OAuth Flow)?

krigi
  • Have you seen this answer: https://www.google.com/url?sa=t&source=web&rct=j&url=https://salesforce.stackexchange.com/questions/159513/pros-and-cons-of-user-agent-flow-vs-web-server-flow&ved=2ahUKEwjc87GPw7ncAhVK-6wKHeKFCr4QjjgwA3oECAgQAQ&usg=AOvVaw1fBeUl3JcpFCU1ItpWSSyp – techbusinessman Jul 25 '18 at 05:33
  • Sure, I have read that article. It does not answer my question. My question above stands... I can't think of a situation where I would be forced into Web Server OAuth (with no client secret) and unable to use User-Agent OAuth. – krigi Jul 25 '18 at 15:52

0 Answers