I have followed "Which OAuth 2.0 flow should I use?", but I'm not sure which flow to implement in the following scenario.
We currently have an application/API pair. Both sides are implemented by our company. The app is a React application using Implicit Grant.
There is a new requirement to allow end users to use a third-party application to log in and access the API. This app is a Windows native application and is developed and managed by a third-party company.
What kind of flow should we ask the external party to implement that is secure for the user and avoids exposing our secrets to the third-party company?