Auth flow for external native application

I have follow this Which OAuth 2.0 flow should I use?, but I’m not sure what flow to use to implement in the following scenario.

We currently have an application / api pair. Both sides are implemented by our company. The app is a React application using Implicit Grant.

There is a new requirement to allow end users to use a third party application to login and access the api. This app is a Windows native application and is developed and managed by a third party company.

What kind of flow should we ask to implement to the external party that is secure for the user and avoids exposing our secrets to the third party company?

Hey there @david.casillas, I apologize for the delay in a response. After checking with our Support team, we would recommend using one of our SDKs to handle it the bulk of the work but reading into your scenario a bit more it sounds like Authorization Code w/ PCKE might be the best fit for your use-case. I have attached a tutorial below that dives into getting it started. Please let me know if you have any questions!

https://auth0.com/docs/api-auth/tutorials/authorization-code-grant-pkce